I was wondering if anon-connection-wizard (acw) should be possible to start without a password on Whonix-Gateway. @iry
But then I wonder why an exception and not a general solution. If we ignore physical isolation, if we can allow everyone in sudoers group (effectively for most users only user user) to run any command using sudo / kdesudo without entering a password.
/etc/sudoers.d/gateway-passwordless
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Any thoughts on security? @HulaHoop
At this point I doubt anyone is changing the default passwords and if they do they make it easy enough so it doesn’t annoy them when they do common tasks. The odds are any 0day exploit chain accounts for privilege escalation and so a root password won’t stop them there. I don’t recall seeing any linux measures against root password bruteforcing anyway. Any sec measure that requires constant user input is not practical and doomed.
The question is how complex would the password be so it couldn’t be bruteforced away even if changed.