Starting a new thread, based on this reply:
> as many obstacles in the attackers’ paths
The entire point was that for an attacker commanding a Xen 0-day
obtaining root privileges is not an obstacle. And that’s the only form
of attack where the whole discussion about passwordless root even makes
sense.
Think about it:
- the attacker is already executing code on your machine
- can already persist in your home directory
- any changes that attacker could make through root privileges DO NOT
persist
So giving the attacker passwordless root access in a standard qube
doesn’t change a thing. Hence all it really is at that point is a UX
hurdle.
Standalone qubes are a different topic, as are templates in which you
hopefully never execute anything besides ‘apt’ or ‘dnf’.
> It’s not a matter of making users (or maybe just me) feel good, as no
> one has yet been able to make an argument to convince me that the
> costs of sudo prompt (UX or otherwise) outweigh the security
> benefits.
Ok, I am up for that discussion. Please tell me which security benefits
sudo prompt affords you in a standard AppVM qube setup. My goal will be
to prove to you that there are none, and hence it’s just a hurdle.
> I’ve been told to “agree to differ” by one of the more technical and
> respected members of the community, but that’s hard to swallow
> especially when it comes from someone with his level of knowledge.
Only if you assume that you are right. Could it be that the “more
technical and respected members of the community” understand something
that you don’t? I’d at least consider it.
> Would this be a good point to split the thread
Done. I just see @deeplow made a new thread here:
So feel free to answer there. I’ll lock this one to avoid duplicate threads.
> and make a poll?
About? The root thing? It’s not up for vote: it’s a technical question
not a matter of opinion.