Marvin Simkin wrote:
> I respectfully disagree with this proposal and maybe we should discuss it.
>
> Being a member of the admin group is NOT 100% equal to being root.

Well, almost. Given that admins have write access to /Applications/,
they can install trojans there, which will be run by all users.

The main purpose - IMHO - of root is to protect users from each other,
not to protect the system binaries (the latter is just a necessity for
the former), so that's already failing here.

Even though theoretically useless, the prompt does have a practical value:

Applications which are not outright illegal, i.e. from normal companies,
and therefore would not employ above techniques, may still harm the
system by installing dangerous or misbehaving binaries in /System/ et
al. A lot of Mac apps are just bundles which can be "installed" by
simply copying to /Applications/ or elsewhere, and similarly
uninstalled, and don't affect the system (modulo trojans). Some come
with installers just to show the license or similar silliness. When I
install an app and I get asked for a root password, that is sign for me
that the app will deeply change the core system and thus alter the
behaviour of the machine even when the app is not running. Maybe half of
the time, I deny the request and stop the installation.

For me, a Yes/No dialog box instead of password entry would achieve the
same, but I find *some* barrier to root useful in many realworld
situations, even if it doesn't protect from trojans. I think it also
makes sane app vendors try to avoid requiring the system priviledge,
which is a huge actual gain.

It does provide some false sense of security, but so does the user/root
separation on single-user machines. (Esp. most Linux geeks have this
false sense.) A malware program running under my user account already
has access to my files - rooting the system doesn't gain much.
Exceptions: network sniffing and special (and rare) solutions to protect
certain files.

[ reply ]