[Enhancement] Grant root access to applications

[FrancescoAnconia]

It would be great to have a possibility to grant root access to selected application, such as firewalls, IMSI catcher etc. Cyanogenmod offers this feature in the developer options.

[thelifeofjay]

This won't be happening.

Rooting and granting root to applications is not what CopperheadOS is about. Cyanogenmod may very well offer certain functionality but they are not in the security business. Granting applications (that may have various stages of vulnerabilities or developer issues) privileged access can undermine the security of the ROM.

[thelifeofjay]

This won't be happening.

Rooting and granting root to applications is not what CopperheadOS is about. Cyanogenmod may very well offer certain functionality but they are not in the security business. Granting applications (that may have various stages of vulnerabilities or developer issues) privileged access can undermine the security of the ROM.

[thestinger]

There's no reason features like a configuration UI for the firewall need root access exposed to applications. CopperheadOS is not going to break Android's security model by exposing a huge whole like that. CyanogenMod's su is a privilege escalation hole exposed to the whole OS. Bugs in the su implementation are local root vulnerabilities. We found and reported some ourselves and there are going to be more.

[thestinger]

There's no reason features like a configuration UI for the firewall need root access exposed to applications. CopperheadOS is not going to break Android's security model by exposing a huge whole like that. CyanogenMod's su is a privilege escalation hole exposed to the whole OS. Bugs in the su implementation are local root vulnerabilities. We found and reported some ourselves and there are going to be more.

[vanitasvitae]

You can flash superuser from recovery if you need root access. I'm using superuser from phhusson (http://superuser.phh.me/). Keep in mind that this adds to the attack surface though.

[vanitasvitae]

You can flash superuser from recovery if you need root access. I'm using superuser from phhusson (http://superuser.phh.me/). Keep in mind that this adds to the attack surface though.

[FrancescoAnconia]

Thanks for your answers. I understand your reasons to not provide such functionality in the standard build. However, I need root access to install orwall (or orbot as transparent proxy) and snoopsnitch on our devices. Maybe you could integrate such tools in the standard or an enhanced build in a future release? In the meantime I'll try the solution vanitasvitae proposed.

[FrancescoAnconia]

Thanks for your answers. I understand your reasons to not provide such functionality in the standard build. However, I need root access to install orwall (or orbot as transparent proxy) and snoopsnitch on our devices. Maybe you could integrate such tools in the standard or an enhanced build in a future release? In the meantime I'll try the solution vanitasvitae proposed.

[thestinger]

Orbot does now have support for using Android's VPN support for transparent proxying.

[thestinger]

Orbot does now have support for using Android's VPN support for transparent proxying.

[onodera-punpun]

Sorry for necro posting, but @vanitasvitae could you please elaborate some more on how to do this?

[onodera-punpun]

Sorry for necro posting, but @vanitasvitae could you please elaborate some more on how to do this?

[fschwebel]

You know the story about Linux not preventing people from doing stupid things, in order to allow them to do intelligent things? Well, it seems to me that you took the opposite decision here. And by doing so you are also leaving the privacy of users as compromised as it is on AOSP, with the pretext of not "breaking Android's security model", which is flawed. You also seem terribly sure of this decision, while it doesn't look to me as sound as you seem to think it is. I mean that in a respectful way of course as I love the project, but you really don't think it could make sense?

[fschwebel]

You know the story about Linux not preventing people from doing stupid things, in order to allow them to do intelligent things? Well, it seems to me that you took the opposite decision here. And by doing so you are also leaving the privacy of users as compromised as it is on AOSP, with the pretext of not "breaking Android's security model", which is flawed. You also seem terribly sure of this decision, while it doesn't look to me as sound as you seem to think it is. I mean that in a respectful way of course as I love the project, but you really don't think it could make sense?

[thelifeofjay]

@fschwebel correct - we are absolutely certain we will not be granting Root access to applications for CopperheadOS. Please note that this thread is closed. Rehashing arguments will only irritate the product's developers.

[thelifeofjay]

@fschwebel correct - we are absolutely certain we will not be granting Root access to applications for CopperheadOS. Please note that this thread is closed. Rehashing arguments will only irritate the product's developers.

[thestinger]

And by doing so you are also leaving the privacy of users as compromised as it is on AOSP

I don't understand what that's supposed to mean. Reducing the security of the system does not increase privacy. Privacy and security features should be properly implemented rather than hacked together based on requiring root access at the application layer which otherwise does not exist at all for very good reasons. An application with root access is a huge extra attack surface that's not otherwise there, not to mention the root implementation itself and the holes it makes in the security model.

[thestinger]

And by doing so you are also leaving the privacy of users as compromised as it is on AOSP

I don't understand what that's supposed to mean. Reducing the security of the system does not increase privacy. Privacy and security features should be properly implemented rather than hacked together based on requiring root access at the application layer which otherwise does not exist at all for very good reasons. An application with root access is a huge extra attack surface that's not otherwise there, not to mention the root implementation itself and the holes it makes in the security model.