“Nah man, you should just install this terminal app and memorize 500 shortcuts to go back one directory”

20 points

The “root user” concept is so bad for security, and the first thing a new user learns is “if something doesn’t work, try it with sudo”. You figure that out before you even know what sudo does.

10 points

It's a terrible model. Honestly, the existing Unix/ring(n) model and the Windows user model don't work for modern, single-user devices, but so much hardware and software architecture is built around it that it's hard to switch at this point.

3 points

I feel like Microsoft is also just incredibly lazy. I think they could come up with a way to do sandboxing in at least a migratable way (so still-maintained applications can opt-into it) like they sorta tried with UWP, but there’s just no money in it. Plus they do security consulting stuff so it’s not like vulnerable software hurts their profits much.

9 points

I mean this is also how it works in Windows with Admin mode, but I think I’ve had to use sudo to do many more things than I had to use admin in windows.

7 points

Yeah, Windows uses the same flawed permissions model but in Unix so many tasks require root access. It reminds me of Vista’s UAC implementation where it prompted for admin access so often a lot of people just turned it off.

5 points

It's because most distributions don't build and install packages with user permissions. Check out home-manager for a fix to this.

3 points
Deleted by creator
3 points

“this doesn’t work, try it with sudo” is a recipe for bricking your machine.

2 points

How do you avoid the “root user” concept tho? What’s the alternative?

2 points

There are higher-resolution privilege approaches that aren't on/off, but you'll typically see those in the form of manually configured user profiles and stuff. Things the average desktop user just doesn't care for.

2 points

If you download a mobile app, you get asked all kinds of things, like whether you want to allow location, access to the local network, file access, etc. (what things should the program be able to do and know). Desktop and server operating systems mostly don’t have these because they were developed so long ago (and Micro$oft is lazy and incompetent).

1 point

The best solution that's been proposed IMO is something called capability-based security, which allows a hierarchy of trusted brokers to delegate very specific permissions for specific resources (files, hardware access, system calls) to applications. Rather than having the applications run as a "user" and inherit all the user's permissions, the application is passed cryptographically secure "keys" representing a temporary permission to perform specific actions on a resource.

That's a big change to existing models though. A less dramatic solution would be applications running under an unprivileged user context and then specifically requesting access to various features and files, like the Access Control List system Android layers on top of Linux ("do you want to allow this application to make phone calls etc."), or having multiple user accounts with varying privileges and applications requesting temporary permissions to run under the required user, rather than having one big root account that does everything and that everything needs access to.

The big problem with the root user is that for every privilege you choose to restrict to root (or administrator), as soon as an application needs to perform one of those actions it must also get access to every single other interface protected by the root user account. Configuring network interfaces requires root access, but anything allowed to configure a network interface is then automatically also allowed to read and write every single file on the system, including drivers, the kernel code and the boot structures.

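A worked illustration of the broker/delegation model the comment above describes, added here as an example and not code from the thread or from any real capability system. It follows the HMAC-chaining construction popularised by macaroons: a broker holding a secret key mints a token for one resource and one action; the holder can attenuate it further (add an expiry, hand a narrower token to a helper) without the broker's key, but nobody can strip or rewrite a restriction, because every caveat is folded into the MAC chain. The broker key, the `key=value` caveat format and the request dictionaries are all assumptions made for this example.

```python
"""Toy capability broker using HMAC-chained tokens (macaroon style).

Added example, not code from the thread. BROKER_KEY, the caveat syntax and
the request dictionaries below are assumptions made for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple

BROKER_KEY = b"example-broker-root-key"  # assumption: known only to the broker


def _mac(key: bytes, data: str) -> bytes:
    return hmac.new(key, data.encode(), hashlib.sha256).digest()


@dataclass(frozen=True)
class Capability:
    holder: str               # who the capability was minted for
    caveats: Tuple[str, ...]  # "key=value" restrictions; all must hold
    sig: bytes                # HMAC chain over holder and every caveat in order


def mint(key: bytes, holder: str, caveats: Tuple[str, ...] = ()) -> Capability:
    """Broker only: create a capability for `holder` with the initial caveats."""
    cap = Capability(holder, (), _mac(key, holder))
    for c in caveats:
        cap = attenuate(cap, c)
    return cap


def attenuate(cap: Capability, caveat: str) -> Capability:
    """Anyone holding `cap` can narrow it further. The new MAC is keyed by the
    old one, so a caveat can be added without the broker key but never removed."""
    return Capability(cap.holder, cap.caveats + (caveat,), _mac(cap.sig, caveat))


def verify(key: bytes, cap: Capability, request: Dict[str, str], now: int) -> bool:
    """Resource guard: recompute the chain with the broker key, then check every
    caveat against the concrete request. `now` is passed in for determinism."""
    expected = _mac(key, cap.holder)
    for c in cap.caveats:
        expected = _mac(expected, c)
    if not hmac.compare_digest(expected, cap.sig):
        return False  # forged, tampered with, or a caveat was stripped
    for c in cap.caveats:
        k, v = c.split("=", 1)
        if k == "expires":
            if now > int(v):
                return False
        elif request.get(k) != v:
            return False
    return True


def demo() -> Dict[str, bool]:
    """Contrast with root: one token scoped to configuring one interface."""
    cap = mint(BROKER_KEY, "netcfg-app",
               ("resource=eth0", "action=configure", "expires=1000"))
    configure_eth0 = {"resource": "eth0", "action": "configure"}
    read_shadow = {"resource": "/etc/shadow", "action": "read"}

    # The holder narrows its own token before handing it to a helper process.
    short_lived = attenuate(cap, "expires=600")

    # Two forgery attempts: drop the resource caveat, or rewrite it, keeping the MAC.
    stripped = Capability(cap.holder, cap.caveats[1:], cap.sig)
    rewritten = Capability(cap.holder, ("resource=/etc/shadow",) + cap.caveats[1:], cap.sig)

    return {
        "eth0 configure allowed": verify(BROKER_KEY, cap, configure_eth0, now=500),
        "shadow read with same token": verify(BROKER_KEY, cap, read_shadow, now=500),
        "attenuated token before expiry": verify(BROKER_KEY, short_lived, configure_eth0, now=500),
        "attenuated token after expiry": verify(BROKER_KEY, short_lived, configure_eth0, now=700),
        "caveat stripped": verify(BROKER_KEY, stripped, configure_eth0, now=500),
        "caveat rewritten": verify(BROKER_KEY, rewritten, read_shadow, now=500),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY '} {name}")
```

The point of the example is the last paragraph of the comment: the token that lets `netcfg-app` configure `eth0` says nothing about `/etc/shadow`, so the guard denies that request outright, whereas under the root model the same program would hold every privilege at once. A real deployment would also need a way to bind the token to a holder (so it cannot simply be copied) and to revoke it; the HMAC chain only gives you unforgeability and one-way attenuation. On Linux today the nearest partial equivalent is file capabilities such as `CAP_NET_ADMIN`, which let a binary configure interfaces without full root.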

technology

!technology@hexbear.net
