@skyvine
I might be misunderstanding you so feel free to correct me. But it sounds like what you’re trying to do is figure out what the “right answer” is in terms of choosing to enable passwordless root or not.
Not really. As I said, I am neither against, nor for either of the two alternatives. What I am trying to figure is the actual reasoning behind the “WTF”, as the superficial text it provides is not it. I say superficial, because I have read a lot of amazingly deep stuff by Joanna, based on which I simply refuse to believe that this is the actual and complete reasoning. Her later comments on GitHub also confirm that there is more to it.
The simplification “VMs are perfectly isolated, so root needs no password” seems easily accepted by the majority as “the right answer”. Parallel to that, the same people repeat the other mantra - that there is no perfect security. So, they both assume that VMs are perfectly isolated and that there is no perfect security. I wonder how many have actually dug deeper into that, as DMA attacks are actually possible even with IOMMU (contains also links to Joanna’s papers on the subject, showing that those are possible). And that this is just one thing, found through quick search, not a complete study of the subject.
Another fact, worth considering IMO, is that nothing so far looks at the possibility of flaws in this whole “perfect isolation” which may be discovered in near or far future. Side-channel CPU attacks, for example, were not a thing just a few years ago. They changed quite a lot the security considerations after appearing though. That is a different discussion though.
So, I hope you understand the source of my confusion, as well as the effect of the “WTF” on the community (which we see even in the current thread). I was hoping that someone with deeper expertise and understanding of the whole matter would be able to provide a more meaningful clarification (ideally, even update that doc). Then, anyone reading it would have a better basis to decide for oneself how and why to act considering case specifics, not merely be given “freedom to do what you want” (including to fool oneself).
The problem is that when it comes to security, there is no “right answer”.
The even bigger problem is that there are so many wrong, yet easily accepted, answers.