
Kondik: The death of root

One significant change in the Android 4.3 release is that it has become harder to obtain and make use of root privileges. Steve "Cyanogen" Kondik ponders how CyanogenMod will respond to this change; it may not involve restoring easy root access. "+Koushik Dutta and +Chainfire are working hard to permit root in some way on 4.3, but I feel that anything done at this point might severely compromise the security of the system and we should start considering better options. Going forward, I'm interested in building framework extensions and APIs into CM to continue to abolish the root requirement."

Kondik: The death of root

Posted Jul 28, 2013 15:05 UTC (Sun) by Rubberman (guest, #70320) [Link]

Without root (admin) access to your systems, you don't own them! Yes, getting root/admin access should be non-trivial to accomplish, but making it impossible is, IMO, no less than saying "you don't own your stuff"! Unacceptable!!!

Kondik: The death of root

Posted Jul 28, 2013 15:20 UTC (Sun) by job (guest, #670) [Link]

It's a bit more complex than that. Please read the article.

Kondik: The death of root

Posted Jul 28, 2013 18:00 UTC (Sun) by luto (subscriber, #39314) [Link]

For example, it seems that no one is proposing the removal of the adb root shell. The discussion is about replacing root *apps* with real APIs to do what the apps are doing.

Kondik: The death of root

Posted Jul 29, 2013 6:52 UTC (Mon) by drago01 (subscriber, #50715) [Link]

Which is from a security POV the right thing to do.

Kondik: The death of root

Posted Jul 30, 2013 19:25 UTC (Tue) by rahvin (subscriber, #16953) [Link]

Yes it is, but I don't like what's driving this change. This is coming about because of Google's recognition that the devices once sold are almost never updated beyond a 6 month window where they become abandonware. Google is trying to close long term exploit possibilities by implementing even stricter security. The security in the long run (if the APIs are implemented) will be a good thing but I'd rather see Google force the manufacturers and telecoms to update to the latest version of Android. This one-off system that turns every phone into abandonware after 6 months is just not sustainable.

Kondik: The death of root

Posted Jul 31, 2013 12:03 UTC (Wed) by k8to (subscriber, #15413) [Link]

In short, the solution is more openness, not more lockdown.

Or force them to open their systems to user modding

Posted Aug 3, 2013 11:48 UTC (Sat) by jjs (guest, #10315) [Link]

I'd settle for being able to flash the latest Cyanogenmod onto my devices. In both cases the last OTA update from the manufacturer was to lock the device down so it couldn't be user updated (I've learned, will not buy a device from those manufacturers again - unless they publicly reverse direction, ideally by announcing not only the ability to unlock, but that all future phones / tablets will be flashable, and donate the HW code they own to the phones to Cyanogenmod officially).

Kondik: The death of root

Posted Jul 28, 2013 15:29 UTC (Sun) by raven667 (subscriber, #5198) [Link]

While true, it is also true that you shouldn't _need_ special privileged access for day to day management of the device, that normal tasks should be do-able without magic all-access-control-is-off privileges.

Kondik: The death of root

Posted Jul 28, 2013 18:20 UTC (Sun) by jimparis (subscriber, #38647) [Link]

> While true, it is also true that you shouldn't _need_ special privileged access for day to day management of the device, that normal tasks should be do-able without magic all-access-control-is-off privileges.

Agreed, special privileges should only be required for special situations. But they come up, and as an owner of the device, I need the ability to gain those privileges as needed -- not just through ADB. If gaining root locally on the device is rendered impossible, that would really suck.

For example, my USB port is acting up in my Galaxy Nexus, which causes the screen to turn on randomly. It's a hardware problem, as discussed at http://code.google.com/p/android/issues/detail?id=39625, and the real fix is to replace the USB port. The next best fix would be to replace the kernel driver with one that can suppress spurious signals from the USB charger detection chip, but I'm running the stock OS and that's not trivial. Instead, I used the unlocked bootloader to install a small setuid root app that uses direct I2C writes to enable or disable the interrupt line on the offending chip. I use shortcuts to toggle it from the home screen. A hack for sure, but it's turned out to work wonderfully.

It sounds like upgrading to 4.3 is going to make that process (which only took about an hour to figure out and set up) significantly harder for me, and replacing the hardware is probably going to be a more attractive solution. Which I don't like at all -- software should do my bidding, not force me to write even more software or hack on my hardware. Whatever CM comes up with in their version of Android is very unlikely to cover this sort of use case.

Kondik: The death of root

Posted Jul 30, 2013 4:12 UTC (Tue) by malor (subscriber, #2973) [Link]

Remember that, on phones, you sorta don't anyway. The baseband code, which is what actually talks to the hardware, is generally a binary blob, and it's known that, at least in some cases, that binary blob can be used to turn your cellphone into a roving wiretap.

Having root doesn't stop that. It's possible that even having the baseband code may not stop that, as this sort of thing can be easily baked directly into the silicon by a company that can be leaned on by the NSA.

So root is a good thing to have, for sure, but it doesn't mean what we *think* it means on PCs -- and it may not even mean that much on PCs. There's a lot happening now, under the operating system, that we can't easily see or inspect.

The baseband code might be closed...

Posted Jul 30, 2013 13:27 UTC (Tue) by dps (subscriber, #5725) [Link]

At least where I live, and probably elsewhere, the mobile frequencies are regulated and you need some sort of certified widget to use those frequencies. You presumably can't be allowed to replace the certified baseband code with your own uncertified replacement.

This is not an issue for my Android device: it is not a phone so I can safely allow apps to make international premium rate phone calls in complete safety.

My (GSM) phone is just a phone: it can make a call, send a text message and very little else. Evil Java monsters are not going to eat all my credit by calling international premium rate servers because the phone does not support them. Not being able to change things on my phone does not worry me that much.

As far as turning your phone into a tracking and listening device then some of those features are standard---phone companies are *required* to be able to locate your phone if you use it to make an emergency call. The NSA can probably persuade the phone company to turn it into a bug too.

Kondik: The death of root

Posted Jul 29, 2013 6:06 UTC (Mon) by heijo (guest, #88363) [Link]

Huh?

If he is talking about SELinux, it can be definitely configured so that selected applications are still all-powerful.

Alternatively, they can just add support for apps to include SELinux policies for themselves (which the user of course needs to specifically approve).

Kondik: The death of root

Posted Jul 29, 2013 6:54 UTC (Mon) by drago01 (subscriber, #50715) [Link]

SELinux is one thing; the other is:

"The /system partition is now mounted nosuid for zygote-spawned processes, preventing Android applications from executing setuid programs. This reduces root attack surface and likelihood of potential security vulnerabilities."

http://developer.android.com/about/versions/jelly-bean.html

Kondik: The death of root

Posted Jul 29, 2013 7:11 UTC (Mon) by rsidd (subscriber, #2582) [Link]

I use root for a Linux chroot environment. Going by the comments, there are others who do that. If I can continue to type "su" in the terminal program and run (busybox) chroot, I'm happy, but it wasn't clear to me whether that is still possible. I rarely use adb.

Kondik: The death of root

Posted Jul 29, 2013 7:38 UTC (Mon) by kugel (subscriber, #70540) [Link]

Since the "terminal program" is an ordinary app it appears you cannot do that anymore.

Kondik: The death of root

Posted Jul 29, 2013 8:40 UTC (Mon) by rvfh (subscriber, #31018) [Link]

I suppose you forget about "su" and give chroot rights to busybox instead.

Kondik: The death of root

Posted Jul 29, 2013 8:47 UTC (Mon) by rsidd (subscriber, #2582) [Link]

If that can be done, great! But won't you still have a root shell inside your chroot? And for it to work properly, one needs to bind-mount /proc, /dev etc inside the chroot, which also requires root as of now.

Kondik: The death of root

Posted Jul 29, 2013 13:17 UTC (Mon) by edt (subscriber, #842) [Link]

No need to give up root (yet). su still works using SuperSU. I, for one, am a member of the "we need root on the device without adb" camp.

Kondik: The death of root

Posted Jul 29, 2013 10:39 UTC (Mon) by Wummel (subscriber, #7591) [Link]

That reminds me: this (cyanogenmod / modding android) is only possible because most of the android system is under a permissive open source license.

Sometimes I forget how important the license is and that with closed source *any* feature can be taken away in an instant. Articles such as the one above remind me about that.

Kondik: The death of root

Posted Jul 29, 2013 13:36 UTC (Mon) by Mithrandir (subscriber, #3031) [Link]

I think you mean "strong free software license" rather than "permissive free software license". For comparison:

https://en.wikipedia.org/wiki/Permissive_free_software_li...
https://en.wikipedia.org/wiki/Copyleft#Strong_and_weak_co...

Oh, and Open Source and Free Software are also not the same thing, as Richard Stallman was at pains to make clear the last time I saw him speak. ;)

Kondik: The death of root

Posted Jul 29, 2013 16:26 UTC (Mon) by drag (subscriber, #31333) [Link]

The important parts of Android are almost all going to be licensed under Apache 2.0 stuff. So I guess that means 'weak copyright licenses' for Android remaining 'free' and 'open' if such a thing is possible.

Kondik: The death of root

Posted Jul 30, 2013 3:59 UTC (Tue) by rsidd (subscriber, #2582) [Link]

That has nothing to do with this. The OP's point was that with free software (including Apache licence, which applies to most of Android) you can undo/reimplement undesirable upstream changes.

With "strong" free software licences (copyleft) the copyright holder can still release a new version under a restrictive licence -- just as they can with "weak" licences. But they can't take away previous versions from you -- and they can't with "weak" licences either.

The only difference is that you, as a third party, can't build a closed-source product using someone else's copylefted source code. Not relevant here.

Free Software and Open Source are different words for the same thing. Even RMS only says that the philosophies and motivations are different -- not that the licences are. And RMS and the FSF list the Apache licence, the BSD licence, the MIT licence, etc, as free software licences.

Kondik: The death of root

Posted Jul 29, 2013 20:29 UTC (Mon) by bronson (subscriber, #4806) [Link]

You imply that it's impossible to mod completely closed platforms ("only possible because..."). I think the XBox, iPhone, and PS3 modding communities would be very surprised to hear this.

Kondik: The death of root

Posted Jul 29, 2013 20:53 UTC (Mon) by jmorris42 (subscriber, #2203) [Link]

Since the latest Nexus device apparently trades easy root for Netflix DRM support, add Android to that list. Although it seems it took less than a week for rom managers to appear for it so Google probably just hid the "click here for root^W developer mode" item.

Kondik: The death of root

Posted Jul 29, 2013 22:20 UTC (Mon) by luto (subscriber, #39314) [Link]

To continue quashing this particular confusion: Android 4.3 is not trying to make it harder to tinker with the device -- it's just adding new security mechanisms to make it harder for malicious apps to break out of their sandboxes. For better or for worse, one of these mechanisms (/system mounted nosuid for apps) means that the usual /system/xbin/su mechanism doesn't work anymore.

Once you've rooted your device (by exploiting something or by using the fastboot oem unlock mechanism), you are root. You just have to do something different to allow Android apps to be root as well. Chainfire's SuperSU has done this.
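
An added example, not part of the comment above or of Android's source: a check for whether the setuid bit on a path such as /system/xbin/su would be honoured, given a mount table in /proc/<pid>/mounts format. The two mount tables are constructed samples, and `path_is_nosuid` and its helpers are hypothetical names; the contrast between an app's view and a shell's view is an assumption drawn from the "nosuid for zygote-spawned processes" wording quoted in this thread.

```c
#include <stdio.h>
#include <string.h>
/* Constructed samples: /system as a zygote-spawned app sees it, then as a shell outside zygote. */
const char APP_VIEW[] =
    "rootfs / rootfs ro,relatime 0 0\n"
    "/dev/block/system /system ext4 ro,nosuid,relatime 0 0\n";
const char SHELL_VIEW[] =
    "rootfs / rootfs ro,relatime 0 0\n"
    "/dev/block/system /system ext4 ro,relatime 0 0\n";

/* Does mount point mnt contain path? Match whole path components only. */
static int covers(const char *mnt, const char *path) {
    size_t n = strcmp(mnt, "/") ? strlen(mnt) : 0;  /* "/" covers any absolute path */
    return strncmp(mnt, path, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Is opt present as a whole token in a comma-separated option list? */
static int has_opt(const char *opts, const char *opt) {
    size_t n = strlen(opt);
    for (const char *p = opts; *p; p += (*p == ',')) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, opt, n) == 0) return 1;
        p += len;
    }
    return 0;
}

/* 1: setuid bits ignored for path; 0: honoured; -1: no mount covers path.
   The longest covering mount point decides; a later line wins ties. */
int path_is_nosuid(const char *mounts, const char *path) {
    char buf[512], mnt[128], opts[256];
    size_t best = 0;
    int result = -1;
    for (const char *line = mounts; *line; line += (*line == '\n')) {
        size_t len = strcspn(line, "\n");
        snprintf(buf, sizeof buf, "%.*s", (int)len, line);  /* parse one line at a time */
        if (sscanf(buf, "%*s %127s %*s %255s", mnt, opts) == 2
            && covers(mnt, path) && strlen(mnt) >= best) {
            best = strlen(mnt);
            result = has_opt(opts, "nosuid");
        }
        line += len;
    }
    return result;
}

int main(void) {
    printf("app view nosuid=%d\n", path_is_nosuid(APP_VIEW, "/system/xbin/su"));
    printf("shell view nosuid=%d\n", path_is_nosuid(SHELL_VIEW, "/system/xbin/su"));
    return 0;
}
```

Matching on whole path components matters here: a prefix-only comparison would wrongly attribute a path like /systemx/su to the /system mount.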

Kondik: The death of root

Posted Jul 29, 2013 22:29 UTC (Mon) by drag (subscriber, #31333) [Link]

Bingo.

Don't buy a device from a manufacturer that seeks to squash your freedoms then you don't have to worry about it. Your money means a hell of a lot more to them than your opinion of their practices.

Android has some serious security issues to contend with and the sandbox approach just isn't cutting it. Hopefully SELinux will help seal off the biggest gaps.

Kondik: The death of root

Posted Jul 30, 2013 3:03 UTC (Tue) by swetland (subscriber, #63414) [Link]

The changes around setuid binary access from regular app context are entirely about preventing malicious software from attempting certain classes of exploits, and have nothing to do with DRM, and have not changed the policy (allowing) or procedure (fastboot oem unlock) for replacing the entire OS on Nexus devices.

The latest Nexus devices are still flashable with third party builds by end-users -- you're welcome to replace the OS with your own AOSP build, Cyanogenmod, or whatever. If you want to build the OS without these safeguards, or even build it so every process runs as uid 0, nobody is stopping you. ^^

Kondik: The death of root

Posted Jul 30, 2013 5:57 UTC (Tue) by MKesper (subscriber, #38539) [Link]

Hacking closed platforms may be fun and challenging but starting from an open platform gives you the same possibilities "for free". So, instead of buying any such thing better invest your time, money and effort into open platforms powered by Free Software.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds