2011-04-05 16:04:09 +02:00
|
|
|
%qubes ALL=(ALL) NOPASSWD: ALL
|
2011-04-07 19:38:02 +02:00
|
|
|
|
|
|
|
#
|
|
|
|
# What we're saying above basically means: if the attacker got user access in
|
|
|
|
# Dom0, then you're screwed already, as there are dozens of ways for the
|
|
|
|
# attacker to escalate to root from user (e.g. via xend).
|
|
|
|
#
|
|
|
|
# Even that is not necessary, in fact! As all the VM control actions can be
|
|
|
|
# done by user -- after all this is why you can easily start/create VMs and
|
|
|
|
# apps in VMs from GUI -- all that the attacker needs is user access in Dom0.
|
|
|
|
#
|
|
|
|
# So, because in Qubes OS, in Dom0, user account is just as sensitive as root
|
|
|
|
# account, we don't pretend otherwise, and try to make life a bit easier for
|
|
|
|
# the user allowing for easy escalation (no need to choose and remember a root
|
|
|
|
# password in Dom0).
|
|
|
|
#
|
|
|
|
# This is also why we don't pretend that Qubes OS is a multiuser system -- it
|
|
|
|
# is not! (for the reasons given above). The assumption is that there is only
|
|
|
|
# one user that logs into GUI manager: YOU. This is hardly a limiting factor
|
|
|
|
# these days, when it's not uncommon for a single person to own not one, but
|
|
|
|
# several computers, which are not shared with others (phone, tablet, laptops).
|
|
|
|
# We live in a PC-era! :)
|
|
|
|
#
|
|
|
|
# This means that the user password you choose during installation servers only
|
|
|
|
# one purpose: it allows you to lock your screen while you're away via the
|
|
|
|
# screen saver. Nothing more!
|
|
|
|
#
|
|
|
|
# joanna.
|
|
|
|
#
|
2011-06-29 21:22:56 +02:00
|
|
|
|
|
|
|
Defaults !requiretty
|