Whonix-Gateway user password?

I was wondering if anon-connection-wizard (acw) should be possible to start without a password on Whonix-Gateway. @iry

But then I wonder why an exception and not a general solution. If we ignore physical isolation, if we can allow everyone in sudoers group (effectively for most users only user user) to run any command using sudo / kdesudo without entering a password.

/etc/sudoers.d/gateway-passwordless

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

Any thoughts on security? @HulaHoop

2 Likes

At this point I doubt anyone is changing the default passwords and if they do they make it easy enough so it doesn’t annoy them when they do common tasks. The odds are any 0day exploit chain accounts for privilege escalation and so a root password won’t stop them there. I don’t recall seeing any linux measures against root password bruteforcing anyway. Any sec measure that requires constant user input is not practical and doomed.

2 Likes

The question is how complex would the password be so it couldn’t be bruteforced away even if changed.