- If we consider a compromised VM with:
  - passwords saved in the browser: an attacker can obtain all passwords
  - your proposed password manager: an attacker can still obtain all passwords, just needs to wait for them to be used
- If we consider a non-compromised VM with:
  - passwords saved in a browser: an attacker cannot obtain passwords
  - your proposed password manager: an attacker can obtain passwords by changing window titles during authentication (which may or may not be *detected* by a sharply observant user, but could still not be *prevented* by one)

Therefore, your proposed solution actually appears worse from a security perspective (aiming to guarantee password confidentiality) than just saving passwords in your browser!

Your argument appears to reduce to "This may be theoretically exploitable, but the ease of implementation and additional convenience is more important to me", which assumes your adversary is not sufficiently {resourced, motivated, creative} to exploit that theoretical weakness against you.

For many users this assumption and associated trade-off may be fine... however they are quite strongly rejected in the arguments motivating the design of Qubes.

The key difference between this and the passwordless sudo argument you bring up is that the Qubes security model explicitly assumes that user->root privilege escalation within a VM is possible, and designs around that fact. Meaning, assuming the security assumptions of Qubes [1] hold, passwordless sudo is *not* a theoretical weakness [2].

[1] which have nothing to do with assuming weak/unmotivated adversaries

[2] unless Xen vulns affecting Qubes are somehow more exploitable from kernel vs. userspace within a VM *and* the adversary does not also have a Linux privesc exploit (which history has shown to be quite unlikely)