Making it so that you can't overly share data with apps is not an issue with root not being available. That is an issue with the capabilities the os exposes to you.
The answer to every security issue not "add a backdoor".
> That is an issue with the capabilities the os exposes to you. The answer to every security issue not "add a backdoor".
Problem is, I strongly suspect we'd still be having the same discussion even if we were talking about "allow the user direct access to all files*" instead of "allow the user full root rights".
Because while some of those missing capabilities are "simply" a matter of it being too much effort to provide a dedicated capability for each and every niche use case (though that once again raises the question as to whether you prefer failing open, i.e. provide root as an ultimate fallback solution, or fail closed), with file access I guess that this was very much an intentional design decision.
What do you mean it's not an issue with root not being available. Root solves the problem, that's the whole point, when the OS doesn't expose the capability I want I can just read the file or piece of memory. The reason for root is that I want to have the failure mode be "ugh i have to go deal with the root security i've elected to have to do XXXX" rather than "well i guess i'm sol"
Problem is, I strongly suspect we'd still be having the same discussion even if we were talking about "allow the user direct access to all files*" instead of "allow the user full root rights".
Because while some of those missing capabilities are "simply" a matter of it being too much effort to provide a dedicated capability for each and every niche use case (though that once again raises the question as to whether you prefer failing open, i.e. provide root as an ultimate fallback solution, or fail closed), with file access I guess that this was very much an intentional design decision.