Idea on root privileges
I’m just an amateur JavaScript addict, and I know virtually nothing about OS programming, but something occurred to me the other day. Someone probably came up with the same idea a long time ago and decided it wasn’t practical or something, but as a mere layman on the subject, I see no reason why it couldn’t be done.
So, my idea is to have the operating system keep some sort of record of processes that are allowed to run with root[1] privileges, and have software register with the operating system, upon installation, any such processes it needs.
To explain my point, let’s make the following assumptions:
- The operating system has a reliable way of identifying processes that are about to be spawned.
- The operating system keeps an encrypted (and, more importantly, tamper-proof) record of processes that are allowed to run with root privileges, one that nothing but the operating system itself can modify.
- It requires authentication by a user with root privileges to install software that can obtain root privileges.
- Software must register any processes it needs root privileges for with the operating system upon installation.
- The operating system bluntly disallows any processes it doesn’t know about to run with root privileges.
- No (known) privilege-escalating exploits are present.
If those conditions are met, it seems to me that it would be nearly impossible for any malware to surreptitiously obtain root privileges, and thus do damage to the system. It could still erase, steal and/or otherwise abuse the user’s data, but that’s a problem that falls outside the scope of process privileges.
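As an added illustration (not part of the original post), here is a toy simulation in Python of the registry the assumptions describe. Two things are stand-ins for whatever a real kernel would use, and are assumptions of the example rather than anything the post specifies: a program is identified by the SHA-256 hash of its executable image, and root authentication is a shared secret checked at install time. The sample "executables" are constructed byte strings.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def executable_id(image: bytes) -> str:
    """Identify a program by the SHA-256 of its executable image.

    Assumption: this stands in for the OS's "reliable way of identifying
    processes that are about to be spawned". Using a hash means a modified
    binary counts as a different, unknown program."""
    return hashlib.sha256(image).hexdigest()


def _credential_hash(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


@dataclass
class RootRegistry:
    """The OS's record of executables allowed to run with root privileges.

    Only register() can extend it, and only with root authentication;
    spawn() is the check applied when a process is about to start."""
    root_credential_hash: str
    allowed: set[str] = field(default_factory=set)

    def _authenticate(self, secret: str) -> bool:
        # Assumption: a shared secret stands in for the OS's root login.
        return hmac.compare_digest(_credential_hash(secret), self.root_credential_hash)

    def register(self, image: bytes, secret: str) -> bool:
        """Install-time step: an installer registers a program that will
        need root. Refused unless the caller authenticates as root."""
        if not self._authenticate(secret):
            return False
        self.allowed.add(executable_id(image))
        return True

    def spawn(self, image: bytes, want_root: bool) -> str:
        """Spawn-time decision: anything may run as the user; only a
        registered image may run as root; everything else is denied."""
        if not want_root:
            return "run-as-user"
        if executable_id(image) in self.allowed:
            return "run-as-root"
        return "denied"


def make_registry(root_secret: str) -> RootRegistry:
    """Set up a registry whose root credential is the given secret."""
    return RootRegistry(root_credential_hash=_credential_hash(root_secret))


def demo() -> dict[str, object]:
    """Walk through the post's scenario with constructed sample
    'executables' (byte strings standing in for program images)."""
    root_secret = "correct horse battery staple"            # constructed
    reg = make_registry(root_secret)
    backup_tool = b"#!/bin/sh\n# legitimate backup tool\n"  # constructed
    malware = b"#!/bin/sh\n# unregistered program\n"        # constructed

    results: dict[str, object] = {}
    # A legitimate installer, run by the administrator, registers its tool.
    results["install_with_root_auth"] = reg.register(backup_tool, root_secret)
    # Malware trying to register itself without the root credential fails.
    results["install_without_root_auth"] = reg.register(malware, "guess")
    results["backup_as_root"] = reg.spawn(backup_tool, want_root=True)
    results["malware_as_user"] = reg.spawn(malware, want_root=False)
    results["malware_as_root"] = reg.spawn(malware, want_root=True)
    # If malware overwrites the registered binary, its hash no longer
    # matches, so the tampered copy is treated as an unknown program.
    tampered = backup_tool + b"rm -rf /\n"
    results["tampered_backup_as_root"] = reg.spawn(tampered, want_root=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note what the simulation does not cover, which is exactly the post's last assumption: if a registered program is exploited once it is already running as root, the registry offers no protection, so "no privilege-escalating exploits" is load-bearing. The registry object itself is also just an in-memory Python value here; in a real system it would have to be unmodifiable by anything running without root.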
Again, I’m probably missing something here, otherwise operating systems would likely be doing all this stuff already. But if that is the case, I would be curious to know why then it’s not feasible. So if you have any comments on the matter, please don’t hesitate to leave them!
[1] Or administrator, or superuser, or whatever.
Hmm, isn’t this sort of what Symbian, Android and iOS (and WebOS?) are doing? They prompt you during installation which functions of your device they are allowed to use. If the developer forgets a permission, the app is out of luck and can’t use that component. Now that you write it like this, I wonder how long it will be before Windows and Mac OS X start doing this as well.
I think it didn’t happen before because the users were expected to be smart enough to know what they are doing, so they didn’t need something. But that would only explain it for OSes before Windows XP or Mac OS X. So, you and I are probably missing the same thing.
That’s a somewhat higher level, asking the user for access to specific features. But it’s in the same ballpark. In my humble opinion, desktop operating systems should indeed do at least something like that.
Yes, it is a bit higher level (the asking-the-user part), but the developer still has to set which permissions are used, and the OS (or, in Android’s case, the Dalvik VM) enforces that the app can only use those functions.
Shall we just agree that it is strange that nothing like this is implemented yet?
Agreed.