Forgot your password?
typodupeerror
Android Linux

Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android 240

Posted by timothy
from the ways-of-knowing dept.
c0d3g33k writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Steve Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning), could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits. Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the 'dangerous and insecure' abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."
This discussion has been archived. No new comments can be posted.

Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android

Comments Filter:
  • by Joe_Dragon (2206452) on Sunday July 28, 2013 @06:04PM (#44408473)

    stop phone carriers / oems from slowing down updates and force loading software that can't be removed.

    also force unlocked sims on all android phones.

    • also force unlocked sims on all android phones.

      How would that work on a CDMA2000 network, which doesn't use a SIM in the first place?

  • ObXKCD (Score:5, Funny)

    by Anonymous Coward on Sunday July 28, 2013 @06:05PM (#44408477)

    All applicable XKCD [xkcd.com] should just be in tags at top of Slashdot stories.

  • Fairly Obvious (Score:5, Insightful)

    by Nemyst (1383049) on Sunday July 28, 2013 @06:06PM (#44408481) Homepage
    The issue is that those new APIs and extensions are NEVER provided because the hardware manufacturers and software providers don't want to provide them. Providing deeper access to the software and hardware means you can do more things, including circumvent protections and such. They'd rather make it as hard as possible to do this, and rooting is harder than using a sanctioned app.

    In an ideal world, we'd have all the functionality we need straight up and "rooting" wouldn't even exist as a term.
    • Well, CynagonMod specifically has the ability to introduce new CM-specific APIs to allow this functionality.

      I know I would feel much better allowing an app to do something specific rather than give it blanket authority via root.

      PolicyKit for Android, perhaps?

  • In my opinion (Score:5, Insightful)

    by drolli (522659) on Sunday July 28, 2013 @06:10PM (#44408491) Journal

    Most things which required me to root my phone should be preinstalled

    -backup
    -firewall
    -disable any service *which i do not need*

    • Your forgot ... (Score:5, Insightful)

      by Skapare (16644) on Sunday July 28, 2013 @06:24PM (#44408569) Homepage

      -remove any app *which i do not want*

    • by icebike (68054)

      None of those are issues for me.

      All I want is to remove pre-installed bloatware so that I have more of what I want.

      I've never had a backup issue because there are apps for that, and everything is in the cloud anyway.

      • I've never had a backup issue because there are apps for that

        Some existing "apps for that" require root to backup or restore because they try to back up private data that belongs to another application.

        and everything is in the cloud anyway

        If you have more than a couple GB of data to back up, cloud backup becomes an expensive recurring fee compared to backing up to local physical media.

    • by Trogre (513942)

      Also:

      Change the device ID string so I can install some badly-packaged apps from Google Play that don't know about my tablet.

  • Bad summary (Score:5, Insightful)

    by swillden (191260) <shawn-ds@willden.org> on Sunday July 28, 2013 @06:10PM (#44408493) Homepage Journal

    He's not talking about root going away, he's talking about reducing the need for it, in order to have much of the freedom provided by a rooted phone without the associated security risks. Whether or not root is available is a separate, and orthogonal question, and he clearly never wants to lose the ability to root, just the need.

    • Re:Bad summary (Score:5, Interesting)

      by bmo (77928) on Sunday July 28, 2013 @06:29PM (#44408599)

      This.

      Just like Linus' justifiable rant about having to be root in SuSE to set up a printer.

      There are legitimate reasons why an end user should need Root/Administrator, but they should be as few as possible. Microsoft has seen the light and has tried to beat developers over the head with UAC to make them see the light. (a game needing admin to run? seriously?)

      --
      BMO

    • by c0d3g33k (102699)

      He's not talking about root going away, he's talking about reducing the need for it

      Submitter here. I'm probably a little thick, clearly Kondik meant something more subtle by naming his post "The Death of Root" than I was able to discern. Shame on me for taking that as a suggestion of where his thoughts might be turning.

      • I don't think there's anything wrong with your summary. The GP's criticism of it doesn't make any sense, given the entire article is about "the death of root" having already happened in 4.3

    • Having read the article, I don't think that's a good summary of what he's saying at all.

      Kondik is saying that Android 4.3 makes it harder to obtain root, with root via ADB being the only real root available. He's also saying that this is OK, because if he needs something that would normally need root, he doesn't actually need root because he pretty much already owns the operating system - he runs CM, and has the ability to modify it to do what he wants.

      Kondik's not talking about reducing the need for r

  • by hibiki_r (649814) on Sunday July 28, 2013 @06:15PM (#44408519)

    There's a certain well known Linux distro that starts with a disabled su command, because root prompts are evil. You can, however, use sudo, to run one command at a time.

    Like, for instance, sudo bash.

    You can provide a single API to let your user do what he wants. it's called admin access.

  • by lkcl (517947) <lkcl@lkcl.net> on Sunday July 28, 2013 @06:32PM (#44408613) Homepage

    there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.

    so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.

    there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.

    to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.

    this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.

    basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.

    • the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.

      Indeed, but in the case of SE Linux the Five Star General ( root ) is also the guy who writes the rules about where he is allowed to go and what he is allowed do ( SE Linux config ).

      SE Linux doesn't make root go away, it just usefully reduces the need for root day-to-day. But root is still the key capability in configuring the environment.

      And Linux distros always have a way for root to disable boot-time or run-time SE Linux.

  • Enough said.

  • Am I the only one irritated by this? It should be Steve "Cyanogen" Kondik, CyanogenMod is the ROM. FFS

    • by c0d3g33k (102699)

      My bad. Sorry. You are fully justfied in being irritated. I was in a hurry and given the amount of poorly explained stories, I didn't just want to throw "Steve Kondik" out there and expect people to recognize the name. So I picked his pet project, rather than his nick.

      • by segin (883667)
        If someone doesn't recognize the name, then they know how to Google, and if they still can't Google, then either the article isn't for them to begin with, or they shouldn't be reading Slashdot to begin with.
        • by c0d3g33k (102699)

          Nonsense, segin.

          Effective communication is the responsibility of the presenter, not the audience. Apart from the very rare instance where the audience is forced to attend, they are indulging the presenter. If the presenter doesn't deliver, the audience goes away. Telling the audience they didn't work hard enough will only make them go away faster.

          You must be quite the hit at parties and social gatherings:

          "Hey baby, I can light your fire better than Ivar Kreuger. Wanna light *my* matchstick? What? Who

  • At least on Windows, it's fairly easy to remove all the preloaded programs. On my last phone (sidekick 4G) had so much preloaded junk and so little ram, it was constantly getting stuck for 10-15 seconds while loading / unloading swap files after exiting apps. I rooted it, got rid of about 10 useless apps and it solved all the phones problems. If they somehow lock down the android phones and remove root access, they need to also require all preloaded apps be removable.
  • I have linux installed on my Asus Fonepad side by side with Android, allowing me to turn my phone/tablet into a nifty little netbook (using a bluetooth keybord). I like having a full LaTeX installation available, if I want to do some writing. It isn't clear to me that I could do this without root (especially if I want to run services on privileged ports). If I can't do this with Android 4.3, I will have to rethink upgrading to it, when it becomes available.

    Best wishes,
    Bob

  • Every release, the folks at Google decide that some other capability needs to be restricted, and some useful utility breaks. In 4.2, you don't seem to be able to enable airplane mode from third party widgets anymore, for example. Google really needs to introduce a class of trusted privileged applications that can do stuff like that. If Google doesn't do anything about this, I'm going to switch to something else because it is getting really frustrating and annoying.

  • by JayRott (1524587) on Monday July 29, 2013 @12:06AM (#44409877) Journal
    Move along, nothing to see here. https://plus.google.com/100275307499530023476/posts/aYgumDrwA1d [google.com]
  • Pretend you used unix from the start and the web comes along decades later and you have your stuff set up all nice and lo and behold all seventeen web pages work and nearly 700 people a year look them and next thing you know your buddy wants his bread clip collection to have it's own home page and your girlfriend's friends wants to put an anthology of lesbian vegan poetty online so you go fuckit and cut and paste their stuff up then that want to update it themselves so you show them vi wish them the best of

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...