Unman: > On Sat, Mar 11, 2017 at 04:43:41PM +0000, sm8ax1 wrote: >> 7v5w7go9ub0o: >>> >>> >>> On 03/11/2017 12:10 PM, Alex wrote: >>>> On 03/11/2017 12:14 PM, Chris Laprise wrote: >>>>> On 03/11/2017 04:20 AM, Alex wrote: >>>>>> the only really read-write directories (their changes are >>>>>> actually persisted) are /home and /usr/local. >>>>> That is enough to be able to persist. >>>> Yes, and that doesn't even need root :) So, both having root or >>>> not, there is some degree of persistence attainable. >>>> >>>> Installing via DNF or any other package manager is an easy route >>>> to put files in the relevant "system" directories, but since these >>>> are not persisted, it's actually more convenient, from a malware >>>> point of view, to just place them in the home of the user and set >>>> up some kind of autostart (eg bashrc, or systemd user units, or >>>> gnome autostarts). >>> >>> >>> >>> >>> Yep! And ISTM this is an argument for using dispvms to handle mail >>> (or any other WAN-exposed client/server): start a dispvm; copy mail >>> client and mail "file" into it; do your mail; copy out and save the >>> updated mail file (which is text); flush away the dispvm - all >>> handled by a script(s). >> >> How do you figure that's less of a pain in the ass than typing a sudo >> password? >> > > You're missing the point - that procedure is trivial to set up in > Qubes and addresses real security concerns. Just putting a password on > root access, or requiring some dom0 interaction doesn't. > > This is important - security IS a pain in the ass. Qubes can make it > less so. >
Point taken. Someone at some point said requiring sudo would be too inconvenient and new users wouldn't be familiar with it. I guess that wasn't you. My mistake. By the way, I'll call it "trivial" when there's an easy to use script, complete with .desktop, readily available that does it. Writing said script is more like "medium difficulty" for the average user. ------------------------------------------------- ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f9f7f2f1-7bb7-9a2e-93c9-118840747e70%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
