by charcircuit 843 days ago
No, getting root permissions should not be possible. Having a concept of a super user which can do whatever they want is bad for security and doesn't follow the principle of least privilege. There are better ways for an OS to offer functionality than requiring such a dangerous concept to exist.

The fact that desktop and server Linux distros still have a root account, have sudo, or said binaries is evidence of how far behind they are in terms of security.


The entire web runs Linux successfully and securely. Suggesting that Linux is insecure is mad, especially given the attack surface.
Considering there are websites that get brute-forced into that have a weak root password set up over SSH, that is not true. Considering in the past there have been LPE exploits to get root, it is relevant that root exists. Even without an LPE, if you make a malicious NPM dependency which you have someone install on their server, you can make it so that the next time the user issues sudo it steals the root password and runs malware as root. These things are bad for security. If you are not hearing about Linux users being hacked, or exploits that could have had their harm minimized, that is ignorance from you.
macOS also has sudo.
And iOS, a newer OS where Apple could easily redo their security model while ignoring legacy baggage, does not have sudo.
The superuser on iOS is Apple. Apple can do whatever they want, to any iPhone, whenever they want.

Final, ultimate control must always be vested somewhere. Your argument is that it's "more secure" for it to be in the hands of a profit-seeking corporation than in the hands that are holding the device.

>Your argument is that it's "more secure" for it to be in the hands of a profit-seeking corporation than in the hands that are holding the device.

Yes. The identity of a company like Apple is known and trusted. The person holding a device is not a known identity. This is unrelated to not having sudo though. Take for example the ping command. There is no reason why the user must have access to an account that has ultimate control over the device to use ping. It should be possible for a normal user to use ping. This could be implemented with a ping daemon that runs with a dedicated user that has the capability to use raw sockets, and then normal users have a ping client that talks to such a daemon. You can come up with everything someone would need root for and define a more secure way to offer that functionality to the user.
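The comment above sketches a ping daemon that holds only the raw-socket capability rather than full root. The following is an added example, not code from the thread or from any real ping implementation, showing the Linux mechanism such a daemon would use: it reads the process capability sets with the raw `capget`/`capset` syscalls (no libcap dependency), drops every capability except `CAP_NET_RAW`, and then locks the process so it cannot regain privilege through setuid binaries. It assumes a Linux host with kernel headers; the function names are this example's own. Run as an ordinary user it simply ends with zero capabilities, which is the correct least-privilege result.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Capability sets use the v3 layout: two 32-bit words per set. */
typedef struct __user_cap_data_struct cap_words_t[_LINUX_CAPABILITY_U32S_3];

/* Fetch the calling thread's effective/permitted/inheritable sets. */
static int read_caps(cap_words_t data) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    memset(data, 0, sizeof(cap_words_t));
    return (int)syscall(SYS_capget, &hdr, data);
}

/* Write the sets back; the kernel only lets an unprivileged thread shrink them. */
static int write_caps(cap_words_t data) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* 1 if `cap` is in the effective set, 0 if not, -1 on syscall failure. */
int has_effective_cap(int cap) {
    cap_words_t d;
    if (read_caps(d) != 0) return -1;
    return (d[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) ? 1 : 0;
}

/* Number of capabilities currently in the effective set (-1 on failure). */
int count_effective_caps(void) {
    cap_words_t d;
    if (read_caps(d) != 0) return -1;
    int n = 0;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
        n += __builtin_popcount(d[i].effective);
    return n;
}

/* Keep only `keep` in the permitted and effective sets and clear inheritable.
 * Dropping is always permitted, so this works for root and non-root alike;
 * a process that never had `keep` simply ends up with nothing. */
int retain_only_cap(int keep) {
    cap_words_t d;
    if (read_caps(d) != 0) return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        __u32 mask = (CAP_TO_INDEX(keep) == i) ? CAP_TO_MASK(keep) : 0;
        d[i].effective &= mask;
        d[i].permitted &= mask;
        d[i].inheritable = 0;
    }
    return write_caps(d);
}

/* Forbid privilege gain via setuid/fscaps binaries from here on (irreversible). */
int lock_no_new_privs(void) {
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* ICMP datagram socket: Linux allows this without CAP_NET_RAW when the caller's
 * group is within net.ipv4.ping_group_range; otherwise EACCES/EPERM. Returns fd or -1. */
int open_icmp_socket(void) {
    return socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
}

int main(void) {
    printf("effective caps before: %d\n", count_effective_caps());
    if (retain_only_cap(CAP_NET_RAW) != 0 || lock_no_new_privs() != 0) {
        perror("privilege reduction failed");
        return 1;
    }
    printf("effective caps after:  %d (CAP_NET_RAW=%d, CAP_SYS_ADMIN=%d)\n",
           count_effective_caps(), has_effective_cap(CAP_NET_RAW),
           has_effective_cap(CAP_SYS_ADMIN));
    int fd = open_icmp_socket();
    if (fd < 0)
        printf("icmp datagram socket: %s\n", strerror(errno));
    else
        close(fd);
    return 0;
}
```

A real daemon started as root would additionally set `PR_SET_KEEPCAPS` before switching to its dedicated uid with `setresuid`, then re-raise `CAP_NET_RAW` into the effective set; the client side needs no privilege at all because it only talks to the daemon over a local socket. The `open_icmp_socket` probe also shows the even narrower option Linux offers: an ICMP datagram socket needs no capability when `net.ipv4.ping_group_range` includes the user's group.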