On 03/10/2017 06:33 PM, hib0...@gmail.com wrote:
Im sure this has been kicked into a pulp (considering the threads and the text in the sudoers
files) but I am still perturbed by the argument that allowing unrestricted sudo to root in a DomU
VM is "safe" and there is "no benefit" to disallowing it. Perhaps I am
misunderstanding something, I have only installed and begun to pull the system apart today, so bear
with me.
Hi,
I used to be in the "only VM isolation matters" camp. But then I
realized there is no reason NOT to keep the guest OS security intact;
that's how it was designed to be used.
Furthermore, assuming that Linus & Co are never going to come through
with a patch for vuln X before your systems encounter X is foolhardy.
I'd rather give the guest OS a chance to stop attacks..... especially if
the OS is already configured to do that.
Re-enabling sudo security is possible; check out the vmsudo doc:
https://www.qubes-os.org/doc/vm-sudo/
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/feab905a-15b6-eef0-32e4-1d970c15e8b6%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
