undefined | Better HN

0 pointsyupyupyups6mo ago0 comments

Someone can correct me if I'm wrong.

If the GUI stack is vulnerable, then those sandboxes could be broken out of. The idea behind not allowing an app to access root is to remove the attack surface introduced by the GUI stack. An alternative interface to a GUI would be some physical connection (like usb-c). So accessing root exclusively via a console port or USB would be safer in theory.

This is true regardless if it's a phone or a PC.

Desktops are unfortunately waaaay behind something like GrapheneOS or iOS in terms of sandboxing. The closest in the desktop world is Qubes OS, but that's not a realistic alternative to normal OSes for the common user.

0 comments

jampekka6mo ago

Running GUI programs as root has been discouraged more or less always. Nowadays GUI programs that need root request it, via e.g. PolicyKit, for the specific operations it is needed.

I very much don't want to have some external device to have root access to my computer.

If iOS type sandboxing where I can't access most of the data at all is ahead, I'm glad to be behind.

j / k navigate · click thread line to collapse