Slashdot Mirror
Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android
c0d3g33k writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Steve Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning), could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits. Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the 'dangerous and insecure' abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."
If Android becomes a closed dungeon, don't count with me. You, insensitive clods.
The only reason why I've really needed to root is to use my Dualshock 3 controller via Bluetooth. And I think that if only for that, rooting being gone and with it the ability to use the controller in such a way, would be a real let down..
stop phone carriers / oems from slowing down updates and force loading software that can't be removed.
also force unlocked sims on all android phones.
All applicable XKCD should just be in tags at top of Slashdot stories.
The issue is that those new APIs and extensions are NEVER provided because the hardware manufacturers and software providers don't want to provide them. Providing deeper access to the software and hardware means you can do more things, including circumvent protections and such. They'd rather make it as hard as possible to do this, and rooting is harder than using a sanctioned app.
In an ideal world, we'd have all the functionality we need straight up and "rooting" wouldn't even exist as a term.
important informations about this issue
Most things which required me to root my phone should be preinstalled
-backup
-firewall
-disable any service *which i do not need*
He's not talking about root going away, he's talking about reducing the need for it, in order to have much of the freedom provided by a rooted phone without the associated security risks. Whether or not root is available is a separate, and orthogonal question, and he clearly never wants to lose the ability to root, just the need.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
There's a certain well known Linux distro that starts with a disabled su command, because root prompts are evil. You can, however, use sudo, to run one command at a time.
Like, for instance, sudo bash.
You can provide a single API to let your user do what he wants. it's called admin access.
The good thing about Steve Kondik is that he's not a faggot. He's never put his erect penis inside another man's anus. Just because of that Steve Kondik is a manly man and deserves everyone's respect.
Faggots must die.
IT'S **MY** GODDAMN MOTHERFUCKING DEVICE, ***NOT*** YOURS.
Yes, I'm yelling, and now I have to type a whole bunch of lower case stuff so the lame lameness filter lets me post this, but you get the idea.
So the only people who will need it will be the carriers and NSA.
Wi-Fi carriers such as cable and DSL ISPs typically don't provide a subsidized tablet. Nor do cellular carriers outside North America and maybe Japan. So what do "carriers" necessarily have to do with rooting, especially with rooting a Wi-Fi-only device?
With no option to root your devices. How are you going to test both new and old Android versions on specific devices?
The thing is that the phone providers forces updates when new Android versions are available.
Owners with the same device model might be updated at different times.
Without root, you won't be able to perform a full test without having duplicate models, from different phone providers.
And you won't be able to test before its..too late.
Hopefully someone have been thinking about this.
-remove any app *which i do not want*
now we need to go OSS in diesel cars
According to how I understand the summary, Google or an Android distributor would be responsible for "providing additional APIs and extensions to the user", such as adding Dual Shock 3 support to Android's existing joystick API.
also force unlocked sims on all android phones.
How would that work on a CDMA2000 network, which doesn't use a SIM in the first place?
The first thing I noticed when upgrading to 4.3 was that my ad-blocker that works by altering the hosts file no longer works.
So Google is blocking one sort of APK, namely use of the hosts file as a crude DNS blacklist. Does this means we're soon going to lose another sort of APK, namely loading applications from unknown sources? Or am I clanging again?
there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.
so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.
there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.
to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.
this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.
basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.
Is Steve Kondik saying he wants to remove those features or remove the need for elevated privileges of those features? I read his article as the latter and that means an increase to the ability of the owner to use a device in ways that are unanticipated.
..will be when the end user can take *full* control of their own hardware without it.
Till then, FUCK THEIR NON_EXISTENT UPDATES and THEIR rules.
Manufacturers leave the gap where root is required, not the users.
Enough said.
Am I the only one irritated by this? It should be Steve "Cyanogen" Kondik, CyanogenMod is the ROM. FFS
I've never had a backup issue because there are apps for that
Some existing "apps for that" require root to backup or restore because they try to back up private data that belongs to another application.
and everything is in the cloud anyway
If you have more than a couple GB of data to back up, cloud backup becomes an expensive recurring fee compared to backing up to local physical media.
If Google plays fair with Android, who in their right mind would even worry about 'rooting' it. But this 'lock down' s**t that restricts what the user can do with their own device has to go.
Microsoft's fame and fortune resulted from Microsoft ending the 'lock down' situation that was universal with 'big tin' computing solutions from earlier times. Of course Microsoft didn't invent this freedom- but Microsoft surely proved it to be a sustainable and very profitable business model - giving the world a universal computing platform that met the needs of users and developers of all types.
If Google cannot break its habit of supporting 'lock down' on some devices, it should fork Android into 1984-Android, and OPEN-Android, so dirty hardware manufactures can opt for a locked down platform, and every other manufacturer can act like all those companies that built/build PCs that run Windows. The truth is that Google HAS effectively created these two versions of Android- it just won't publicly admit this fact for political reasons.
PS the open source community idiots do not help at all. Whining about so-called 'binary blobs', which are the 'drivers' we so happily install on Windows PCs, is completely counter-productive. Android does not have, and will never have 'open source' hardware, so why should we care when the manufacturers of hardware GPU or Audio blocks connect their proprietary driver software to their proprietary hardware? Do you not know just how crap open-source drivers prove to be, when a manufacturer provides enough technical info to allow such to be created?
Google stands at the edge of a precipice. A proper free open Android can easily become the world's replacement for XP/Windows 7 on general PC devices (this time using ARM, of course). But if Google stumbles (as it has with almost all of its initiatives that are not its search engine and related services) it will attempt to crudely monetise Android, and by doing so fall down the usual pit of total failure. The dreadful Google Glass and Chromecast are both warnings about Google's current wrong-headed thinking. Google is NOT offering services that simple run on Android. Google is perverting Android into the most crippled locked-down form simply to create devices to function ONLY to run its services. And by doing so, Google states it has absolute control over the nature of any app written for those services.
Just look how Google said "no adult uses for Google Glass". That's like a f**king camera company selling you a camera, and then telling you you better not use it to photograph people naked. But again, if Google really wants to do this, it can still fork Android, as I said earlier, and offer 1984-Android and OPEN-Android side-by-side to the hardware people, allowing it to have its cake and eat it too.
At least on Windows, it's fairly easy to remove all the preloaded programs. On my last phone (sidekick 4G) had so much preloaded junk and so little ram, it was constantly getting stuck for 10-15 seconds while loading / unloading swap files after exiting apps. I rooted it, got rid of about 10 useless apps and it solved all the phones problems. If they somehow lock down the android phones and remove root access, they need to also require all preloaded apps be removable.
You can build a representative sample from a used Nexus One, Nexus S, Galaxy Nexus, and Nexus 4 for fairly cheap. Or you can take advantage of the device diversity of your team of beta testers who brought their own devices.
I don't think its a Google problem, its the carriers.
---- Booth was a patriot ----
Root will be nesessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
Or you could try supporting the concept of non-carrier devices by purchasing Nexus devices at "full price".
I have linux installed on my Asus Fonepad side by side with Android, allowing me to turn my phone/tablet into a nifty little netbook (using a bluetooth keybord). I like having a full LaTeX installation available, if I want to do some writing. It isn't clear to me that I could do this without root (especially if I want to run services on privileged ports). If I can't do this with Android 4.3, I will have to rethink upgrading to it, when it becomes available.
Best wishes,
Bob
Disabled does not mean forgotten. I had heaps of apps disabled on my phone. Yet once or twice a week I would get a Google Play notification to update [insert disabled and unused app].
I would be happy if they were just taking up space on my phone but as it is they annoyed me every other day.
That seems to be the #1 item on his list of "things that need APIs before root is unnecessary.
If nobody and NOTHING ever calls sudo, yeah.
Don't assume that all calls to sudo are you doing it on purpose. The risk is that malware could use sudo.
By way of comparison, Windows is somewhat similarly "secure unless you allow something to have elevated privileges". Compare that with a write-once DVD live system, where there is no such thing as altering the system.
Why do we give a toss what this half assed muppet has to say? He hasnt done anything of note in a couple of years now, CM dont write their own code, they get all the developers on forks to do it for them then intergrate it into their own ROM.
Or you could try supporting the concept of non-carrier devices by purchasing Nexus devices at "full price".
Good luck doing that in the United States if you happen to live where T-Mobile has poor coverage. CDMA2000 carriers in the United States don't use CSIM.
" all useful activities can be designed into the system so the 'dangerous and insecure' abilities [...] aren't needed."
The last time I heard that they created a committee that gave us Ada 83.
When will arrogant newbies finally learn the lessons of the past?! It is simply impossible to pre-design all useful activities into whatever you're developing.
Use it as a thought experiment to see if maybe there's an enhancement worth adding to your thingy, but never ever drink the kool-aid of belief.
Any distribution can remove root if they want to.
SELinux makes it easier to manage when you do. It does take getting used to.
Every release, the folks at Google decide that some other capability needs to be restricted, and some useful utility breaks. In 4.2, you don't seem to be able to enable airplane mode from third party widgets anymore, for example. Google really needs to introduce a class of trusted privileged applications that can do stuff like that. If Google doesn't do anything about this, I'm going to switch to something else because it is getting really frustrating and annoying.
You people are gleefully participating in the relinquishing of control of your own property.
Move along, nothing to see here. https://plus.google.com/100275307499530023476/posts/aYgumDrwA1d
we want more root access, not less. and we want to make it easier to obtain. we want to completely restore all account management functionality to Android, so it's just like Linux outside of the box. we always want the ability for people to manage their phones and have full system access. we also want to make it as PC like as possible, none of that sandbox and apps only shit. we want scripts, automation, compile software, and ability to run what we want on our phones.
Pretend you used unix from the start and the web comes along decades later and you have your stuff set up all nice and lo and behold all seventeen web pages work and nearly 700 people a year look them and next thing you know your buddy wants his bread clip collection to have it's own home page and your girlfriend's friends wants to put an anthology of lesbian vegan poetty online so you go fuckit and cut and paste their stuff up then that want to update it themselves so you show them vi wish them the best of luck and get back to fixing sendmail.
Fast forward years later and 300 people are using your stuff and you've written enough tools so you never have to talk to them again they can be busy little beavers updating merrily and rarely call. When they so you slip into root, fiddle with something and they're done.
Now, when you have root on a web server it's very different from having one user account on a machine and the later is really how you want to do this. It's convenient as hell to be logged in as root all the time, everything works. But it's really not a good idea. So in the past decade everybody I know has tried to do that. And it seems to work. With enough stuff in place you really don't need root in normal operation. In fact I'd go so far as to say other than catastrophic failure or radically new hardware there is never any reason to use root that can't be accomplished by the proper tool. I'm 99% sure this is true. Maybe 99.9.
So, I don't see why the android/root issue is any different from what happened with unix as we went from logging into a VT-100 as root to now where it's been years since I've had to.
So I think his point is very valid. Doesn't mean this doesn't bother me though; if I pay for it I get to decide what fucking code it will run and thank you very much, I'm not buying a service here.
I think in the end companies that make more sensible hardware will do better than ones that pull stupid stunts like this. One has to wonder where the real motivation behind it originates.
Need Mercedes parts ?
As far as I see it on android, you don't need root to do much, but you will need it for the things the OS developer didn't think you needed.
First time I rooted was because I wanted to set the clock using NTP. Something the devs didn't think of.
The more of those needs are covered in the normal Android app scheme, the less need for root there will be. For instance, add the possibility of an app to restore and backup the entire OS and you wouldn't need root for that. (But how do you separate that from just accessing the file system at will?)
Add the possibility of an app to remove/disable any other app, and you wouldn't need root for that. Etc.
But there'll be things you didn't think of. Always.
Which brings me to the point where I think that the security of android is stupid in the first place. Too many apps ask for too much -
but this I take it is because the security system isn't fine-grained enough. Maybe this is fixed in later Android versions, but
- access to read/write my sd-card? Seriously, limit this to one top directory on my SD card, I don't want every app to have access to my photos or my GPS traces or...
- GPS location? That would be nice if it was limited to when I want the app to know it. Webpages, games, etc, usually don't need to know this.
- etc, etc
But start to look at if it's possible to say "no" to some of the privileges the apps ask for, individually, instead of the whole app. I heard there's some variants of CM that does this already?
That root exists is an example of a poorly designed system. Something the Unix guys got rid of entirely when they wrote plan9.
If these proposed not-root APIs work as well as all the other APIs in Android, you'll still need root to work around them. Android is permanent beta and seems amazingly able to paint itself into a corner.
Everything users need to do could be achieved by adding the necessary APIs. But because they aren't there, we need to root the phones.
consider the point of ripping one's own DVDs to a DRM-free, neutral format to play back on their phone. Legal, but unsanctioned.
Legal in what country? Mr. Kondik, Google, and Slashdot operate in the United States, and tools for private-use DVD ripping don't appear to be clearly legal there (Universal v. Reimerdes).
Worst of all @ ISP level vs. Kaminsky bug redirection http://www.networkworld.com/news/2013/012913-dnssec-266197.html?page=3 & is also taken advantage of in its VERY NATURE vs. . Hosts work against each of those threats FOR YOUR BENEFIT, also gaining you speed you up via local hardcodes of your favorite sites in them also (also avoiding DNS totally that way along with dns request logs + DNSBL's you may not like). They also protect and gain you reliability vs. downed or redirected DNS servers.
APK
P.S.=> I had no idea GOOGLE was doing that on ANDROID phones but I have to agree with the person you quoted that since they're an advertising company, they'd love to do that - too bad they're opening the doors to malicious code in adbanners:
---
THE NEXT AD YOU CLICK MAY BE A VIRUS:
http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
---
More dangerous to click on an online advertisement than an adult content site these days, Cisco said:
http://www.securityweek.com/easier-get-infected-malware-good-sites-shady-sites-cisco-says
---
... apk
There can be only one! (thunder clashes at the might of the all powerful root)
Worst @ ISP level (vs. Kaminsky bug redirection) http://www.networkworld.com/news/2013/012913-dnssec-266197.html?page=3 & is also taken advantage of in its VERY NATURE vs. fastflux + dynamic DNS utilizing botnets.
Hosts gain you reliability vs. downed DNS servers & protect you vs redirected DNS servers as well as securing you vs. known malicious sites/servers/hosts-domains online http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 (and even block phishing/spam mail malicious links).
Hosts work against each of those threats FOR YOUR BENEFIT, also gaining you speed by blocking ads, AND via local hardcodes of your favorite sites in them also (also avoiding DNS totally also avoiding dns request logs + DNSBL's you may not like).
AdBlock "souled-out" to Google, Ghostery = advertiser owned (Fox guarding the henhouse).
APK
P.S.=> I had no idea GOOGLE was doing that on ANDROID phones! Thus, I agree with you since they're an advertising company, they'd love to do that (& according to you apparently they are) - too bad they're opening the doors to malicious code in adbanners that way, and yes, that happens:
---
THE NEXT AD YOU CLICK MAY BE A VIRUS:
http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
---
More dangerous to click on an online advertisement than an adult content site these days, Cisco said:
http://www.securityweek.com/easier-get-infected-malware-good-sites-shady-sites-cisco-says
---
... apk
>. the prompt shows which application
When people open a root app and they get the same prompt they always get, they don't re-read it every time. They also don't get suspicious when the first click on "Ok" doesn't seem to work - the "same" prompt is still there.
> I'd be surprised if su applications don't [control the video memory]
Welcome to surprised.
How in the world can you spell? Clearly you absolutely refuse to learn anything from anyone.
Some of your thoughts are reasonable guesses. Thing is, you don't have to stick to those guesses when you're presented with facts by people who have actually done it.
Want to see an for yourself that it's possible for apps to ACCIDENTALLY overlay the prompt? Download open roads voyager, set it to overlay buttons, and open a root app.
There was a post about GNU Replicant, an Android port, here a few days ago. Remember that GNU free software does not have any DRM or restrictions in functionality. The project looks pretty good so far, I'm excited to see if they keep up development on it.
"ARM, the platform that has no root!"
All I really lack in Android is sshfs, ssh -X, and a decent X server (like the ones the X teminals provided decades ago) to be present and all work well together.
Nothing that isn't usually available for free in any normal Linux system. All that would be needed is for Google not to take them out.
Oh yes, a decent Linux-supported file system on large external sd cards wouldn't hurt.
-- hendrik
--Konrad, All Tomorrow's Parties
Welcome to the Panopticon. Used to be a prison, now it's your home.
providing APIs and extensions to the user for whatever the wireless provider thinks the user needs
I own a Netgear AP and rent a modem from Comcast. So who is my Nexus 7 tablet's wireless provider?