Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-07 Thread fiftyfourthparallel
On Thursday, 6 August 2020 22:24:38 UTC+8, 54th Parallel wrote:
>
> There might be potential attacks against the hypervisor or
> daemons/backends in dom0 that require root access. Qubes founder Joanna
> Rutkowska initially assessed there was limited benefit from isolating the
> root account from the user account, because all user data is already
> accessible from the latter [archive]. However, she later changed her
> opinion on the matter; see here [archive].
>
Upon reading that more carefully, I realized that it's explicitly about 
dom0, but I think the general concept applies to other VMs as well. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88dd8065-2729-421f-81e0-0fac66ac5f73o%40googlegroups.com.


Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-06 Thread fiftyfourthparallel


On Thursday, 6 August 2020 17:36:05 UTC+8, Chris Laprise wrote:
>
> IIRC she gave some indication that guest VMs shouldn't be defenseless 
> internally. 
>
> -- 
> Chris Laprise, tas...@posteo.net  
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886 
>

Found it!

There might be potential attacks against the hypervisor or daemons/backends 
in dom0 that require root access. Qubes founder Joanna Rutkowska initially 
assessed there was limited benefit from isolating the root account from the 
user account, because all user data is already accessible from the latter 
[archive]. However, she later changed her opinion on the matter; see here 
[archive].

https://www.whonix.org/wiki/Qubes-Whonix_Security#cite_note-11 

https://web.archive.org/web/20200323113623/https://github.com/QubesOS/qubes-issues/issues/2695#issuecomment-301316132

The Whonix documentation for Qubes is actually generally applicable beyond 
Whonix--I highly recommend anyone interested in securing their computers 
look around the Whonix wiki (i.e. basically everyone reading this). The 
page I linked is a good starting point. Kudos to the Whonix Wiki maintainer.


> My own philosophy (which prompted me to create Qubes-VM-hardening) is
> that if we're going to have these VMs running regular OSes, they should
> at least have their normal security or some equivalent intact. And also
> that the combination of normal security and Qubes security should yield
> extra benefits, which I think Qubes-VM-hardening does.

This is what baffles me about some people's mindsets--if they prize 
security so much that they take the time and trouble to install and learn 
Qubes --no small feat for most of us-- why not go a bit further and batten 
down the hatches of their VMs? It's usually a one-time investment that 
requires little to no maintenance with a huge payoff with regard to their 
goal (which I presume is secure computing). Kudos to you for making this 
process a heck of a lot easier for non-technical people, like me.



Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-06 Thread Chris Laprise

On 8/5/20 11:48 PM, fiftyfourthparal...@gmail.com wrote:

> On Thursday, 6 August 2020 00:37:08 UTC+8, Qubes wrote:
> > What risk(s) are you mitigating by disabling passwordless root?
>
> You should look at this the other way around--what do I stand to lose 
> by keeping passwordless root? If I can take a low-cost step that would 
> dramatically raise the cost for would-be attackers, wouldn't it be a 
> prudent step to take? Besides, even Joanna herself backtracked on her 
> claim that passwordless root is the best option (forgot where I read it, 
> but I definitely did)


IIRC she gave some indication that guest VMs shouldn't be defenseless 
internally.


My own philosophy (which prompted me to create Qubes-VM-hardening) is 
that if we're going to have these VMs running regular OSes, they should 
at least have their normal security or some equivalent intact. And also 
that the combination of normal security and Qubes security should yield 
extra benefits, which I think Qubes-VM-hardening does.


--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-05 Thread fiftyfourthparallel
On Thursday, 6 August 2020 00:37:08 UTC+8, Qubes wrote:
>
> What risk(s) are you mitigating by disabling passwordless root? 
>

You should look at this the other way around--what do I stand to lose by 
keeping passwordless root? If I can take a low-cost step that would 
dramatically raise the cost for would-be attackers, wouldn't it be a 
prudent step to take? Besides, even Joanna herself backtracked on her claim 
that passwordless root is the best option (forgot where I read it, but I 
definitely did)



Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-05 Thread Qubes

On 8/5/20 6:12 PM, fiftyfourthparal...@gmail.com wrote:



> On Wednesday, 5 August 2020 02:29:46 UTC+8, 54th Parallel wrote:
> > Hi all,
> >
> > Sorry for the recent spam--I've been spending a lot more time with Qubes
> > and coming across issues that I haven't seen mentioned here yet.
> >
> > Here's another one:
> >
> > If you disable passwordless root access in whonix-gw, tor control panel
> > (accessed by right clicking the sw-date tray icon) stops working entirely,
> > and whonix-ws will cause whonix-gw to continually spam you with dom0 sudo
> > prompts if you enabled that. Ignoring them and dragging them off to another
> > workspace hasn't caused any issues, but it's still annoying to deal with.
> >
> > Has anyone else had this experience or have any suggestions?
>
> Problem seems to have gone away after using configure-sudo-prompt from
> tasket's qubes-vm-hardening on a fresh installation of
> qubes-template-whonix-gw-15


What risk(s) are you mitigating by disabling passwordless root?



[qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-05 Thread fiftyfourthparallel


On Wednesday, 5 August 2020 02:29:46 UTC+8, 54th Parallel wrote:
>
> Hi all,
>
> Sorry for the recent spam--I've been spending a lot more time with Qubes 
> and coming across issues that I haven't seen mentioned here yet. 
>
> Here's another one:
>
> If you disable passwordless root access in whonix-gw, tor control panel 
> (accessed by right clicking the sw-date tray icon) stops working entirely, 
> and whonix-ws will cause whonix-gw to continually spam you with dom0 sudo 
> prompts if you enabled that. Ignoring them and dragging them off to another 
> workspace hasn't caused any issues, but it's still annoying to deal with. 
>
> Has anyone else had this experience or have any suggestions?
>

Problem seems to have gone away after using configure-sudo-prompt from 
tasket's qubes-vm-hardening on a fresh installation of 
qubes-template-whonix-gw-15
