How to use the password authentication mechanism in Qubes OS?

I just use whonix ws as example here. First I noticed all qubes vm allow passwordless root access. I like Qubes OS, but to be honest I think passwordless root access is not a very good idea. I know the qubes dev talked why they enable passwordless root here https://www.qubes-os.org/doc/vm-sudo/, but every script or program can easily gain root access just made me very uncomfortable. I also doubt the solution provided by this page(which is dom0 prompt for root access) is a good method.

The Linux system has a mature password way of authentication. Can I just use the traditional Unix authentication? I know many people will say this mechanism is buggy and will not stop any attacker, but I still believe lock the root access behind a password has some advantages. A lot of kernel defense and harden mechanism require this password auth mechanism, because everything is meaningless when a program can easily gain root access. I believe a properly configured kernel and access control system is capable to fend off most attackers at the very beginning. Even an attacker failed to compromise Xen, the attacker is still able to collect a lot of information about the user with a root access VM.

Most people will not have a chance to face an elite hacker who can compromise Xen, but maybe some cops try to catch them for some illegal activities. For example a javascript trojan implanted by FBI start execute in your whonix ws, it just simply gain root access without need to confront any account restriction/MAC/kernel protection. It can check all of your hardware info in /proc/cpuinfo, and it can check all of your software config. With all the software/hardware fingerprint collected in this way, the law enforcement might have enough information to identify you. Xen breach does not happen, but the worst scene still happened.

The whonix workstation and gateway in virtualbox environment works in password way, is it possible to migrate this mechanism to qubes OS platform? Thanks for your help.

1 Like

Think about this - if you want a root password, but not the dom0 prompt,
then you have to have it enabled in the qube, and so in the template
that the qube uses.
All qubes sharing that template will have the same root password. If
this is what you want, and you think this is better in some magical
way, then set the password in the template.

1 Like