On Sat, Mar 11, 2017 at 04:43:41PM +0000, sm8ax1 wrote:
> 7v5w7go9ub0o:
> >
> > On 03/11/2017 12:10 PM, Alex wrote:
> >> On 03/11/2017 12:14 PM, Chris Laprise wrote:
> >>> On 03/11/2017 04:20 AM, Alex wrote:
> >>>> the only really read-write directories (their changes are
> >>>> actually persisted) are /home and /usr/local.
> >>> That is enough to be able to persist.
> >> Yes, and that doesn't even need root :) So, both having root or
> >> not, there is some degree of persistence attainable.
> >>
> >> Installing via DNF or any other package manager is an easy route
> >> to put files in the relevant "system" directories, but since these
> >> are not persisted, it's actually more convenient, from a malware
> >> point of view, to just place them in the home of the user and set
> >> up some kind of autostart (eg bashrc, or systemd user units, or
> >> gnome autostarts).
> >
> > Yep! And ISTM this is an argument for using dispvms to handle mail
> > (or any other WAN-exposed client/server): start a dispvm; copy mail
> > client and mail "file" into it; do your mail; copy out and save the
> > updated mail file (which is text); flush away the dispvm - all
> > handled by a script(s).
>
> How do you figure that's less of a pain in the ass than typing a sudo
> password?
>
You're missing the point - that procedure is trivial to set up in Qubes and addresses real security concerns. Just putting a password on root access, or requiring some dom0 interaction doesn't. This is important - security IS a pain in the ass. Qubes can make it less so.
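
The autostart mechanisms named in the thread (bashrc, systemd user units, GNOME autostarts) all live under the persistent /home, so they can be baselined and re-checked for drift. The script below is an added example, not part of the original messages; the function names are hypothetical and the file paths are assumed to be the common defaults for those mechanisms.

```shell
#!/bin/sh
# Added example: baseline the user-level autostart files that survive a
# reboot in a persistent /home, then report anything new, changed or removed.
# The paths are common defaults for the mechanisms named in the thread
# (assumption); the function names are hypothetical.

# List existing autostart-related files under the given home directory.
autostart_files() {
    home=$1
    {
        for f in .bashrc .bash_profile .profile; do
            if [ -f "$home/$f" ]; then printf '%s\n' "$home/$f"; fi
        done
        for d in .config/systemd/user .config/autostart; do
            if [ -d "$home/$d" ]; then
                find "$home/$d" \( -type f -o -type l \) -print
            fi
        done
    } | LC_ALL=C sort
}

# Emit one "<fingerprint>  <path>" line per file. Symlinks (e.g. enabled
# systemd units) are recorded by target, so dangling links do not break it.
autostart_manifest() {
    autostart_files "$1" | while IFS= read -r p; do
        if [ -L "$p" ]; then
            printf 'link:%s  %s\n' "$(readlink "$p")" "$p"
        else
            printf '%s  %s\n' "$(sha256sum < "$p" | cut -d' ' -f1)" "$p"
        fi
    done
}

# Compare a saved manifest with the current state of the home directory.
# Prints "<" (baseline only) and ">" (current only) lines; returns 1 on drift.
autostart_changes() {
    baseline=$1
    current=$(mktemp) || return 2
    autostart_manifest "$2" > "$current"
    changes=$(diff "$baseline" "$current" | grep '^[<>]' || true)
    rm -f "$current"
    if [ -z "$changes" ]; then return 0; fi
    printf '%s\n' "$changes"
    return 1
}
```

Run `autostart_manifest "$HOME" > baseline.txt` from a known-good state and later `autostart_changes baseline.txt "$HOME"`. Keep the baseline somewhere the checked user account cannot write, since a manifest stored in the same home can be rewritten along with the files it describes.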