this post was submitted on 04 Apr 2024
1019 points (98.8% liked)

linuxmemes

20880 readers
11 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -3 points 7 months ago* (last edited 7 months ago) (2 children)

The issue is that you don’t want to give some random untrusted process root access. You, the user, have root access as long as you’re capable of running processes as root, but that doesn’t mean you should.

There could be tons of apps on the iOS App Store or Google Play Store that are completely benign under the existing security model but do nefarious things when run as root. No one knows that for sure because they aren’t tested under root by Apple or Google.

The problem with root is that it’s giving the process the keys to the Ferrari. That’s long since been decided to be a bad security model. Far better to have the process request permission to access particular resources and you grant them on a case by case basis.

[–] [email protected] 11 points 7 months ago* (last edited 7 months ago)

The issue is that you don’t want to give some random untrusted process root access.

It's been awhile since I've used anything but Magisk but usually you have to set root permissions per app, or you can get Magisk notification to request access.

[–] [email protected] 6 points 7 months ago (1 children)

I just want to point out, that what you are saying sounds good in an ideal world. But the realitiy looks different. (I actually typed out some points, but then I remembered that I don't want to engage in yet another lengthy internet-debate, that ultimately comes down to personal preferences and philosophy)

[–] [email protected] 2 points 7 months ago

Ah but I love reading these specific philosophical discussions on tech, I don't blame you though