If not going to change the password?

@HulaHoop, I’m sure you’re aware of the Qubes stance on passwordless root: Passwordless root access in qubes | Qubes OS. Would you care to share your thoughts on that?

IIUC, the main argument is that any attacker that has the ability to compromise the Xen hypervisor (which has had one “publicly disclosed exploitable bug” (two now, I guess)) will already have a much easier-to-obtain root escalation exploit in their back pocket.

Isn’t it conceivable that there is an entire class of attackers (i.e. script kiddies) that can easily obtain public exploits/malware but might not have the resources to find their own root escalation exploits? In that case, this security policy comes down to a race between Xen/Qubes patches and user update practices vs. these less sophisticated attackers. How many “ordinary” users are being actively attacked by nation-states vs. the number who are under constant probing from script kiddies? By focusing defenses against the most sophisticated theoretical adversaries, is Qubes leaving the door wide open to hooligans?