this post was submitted on 02 Oct 2023
222 points (97.0% liked)

[–] [email protected] 8 points 1 year ago (5 children)

How does rooting "cripple" security? You still need to give Superuser permission to apps on an individual basis. So long as you only give Superuser permission to widely-used open-source apps, what's the "crippling" change?

Or do you mean having an unlocked bootloader, which gives anyone with physical access to your device tools to unlock your phone? That's related, but different, from rooting. And you can lock your bootloader and keep root access, so they aren't interchangeable.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (4 children)

you can't lock your bootloader and retain access for one. that's an easy way to brick your device. it cripples security because in order to gain this access you are patching in the sudo binary (which doesn't normally exist on Android and is therefore not designed to be securely used) and a bunch of SELinux policies that give extremely vague permissions systemwide. data exfiltration is made a much simpler task when a user has rooted their device.

it is also increasing attack surface. you now have to trust that this per-app permission model is actually functioning correctly and isn't exploitable.

edit: it is worth noting that having root access on a desktop Linux system is horribly insecure as well, though. I completely remove sudo on my systems (although considering one can just invoke su -c or su - root that doesn't help too much in actuality)

[–] [email protected] 1 points 1 year ago (3 children)

> edit: it is worth noting that having root access on a desktop Linux system is horribly insecure as well, though. I completely remove sudo on my systems (although considering one can just invoke su -c or su - root that doesn't help too much in actuality)

You have just proven you never or very rarely use a computer. How do you even update the system without sudo or an alternative to it?
Without root permissions you basically can't manage your system anymore.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

a better solution than giving blanket root access would be an API/daemon that provides more fine-grained permission control, similar to how Flatseal manages the Flatpak sandbox.

edit: anyone wanna help me on a new project idea...?
