Wow... that's pretty bad. I just tried it and it works.
I hope they roll out a fix soon -- it's a little scary to think that each keystroke is going to both the current application and an invisible, root-level command prompt.
For example: flash your own image (without root, you can only flash image signed by T-Mobile/Google/HTC; how good is to have access to source code, if you can't build it and run it on real device?), create VPN connections, write useful bluetooth profiles like DUN (tethering done correctly) or A2DP. What you can do with root access is much longer list than what you can do the Google blessed way.
The "if you've done nothing wrong, you've nothing to hide" argument in another disguise.
You're the one (as much as) arguing in favour of expending effort, adding code and complexity to restrict my root access, the burden is on you to justify doing so, not on me to refute it.
True, you wouldn't type a delete command in normal conversation, but you have to feel sorry for the guys in the bug report who were running ssh sessions on their phones... They were typing UNIX commands and thus were at a much higher risk of harm.
You wouldn't need the "sudo" -- it's a root-level prompt.
(Hmm... typing "make me a sandwich" unfortunately has no visible effects...)
This probably isn't Google's fault, it's probably the fault of someone on the T-Mobile team or at HTC who accidently left this running on the OS image put on the phones.
The worst bug ever is the arithmetic mistake made by a programmer of a FORTRAN program which crashed a probe to Venus. Millions of dollars down the drain just like that, and just a simple programming error.
That may be the most costly bug ever in terms of money, but there have also been a (small) number of human fatalities resulting from software bugs. Those are arguably much worse than the Venus probe.
So the worst bug ever is being logged in a as root on my own device? I can see why this may not be a good idea, particularly on a phone, but it's certainly not the worst bug ever as far as I'm concerned. This is blown out of proportion.
25 comments
[ 4.6 ms ] story [ 65.4 ms ] threadI hope they roll out a fix soon -- it's a little scary to think that each keystroke is going to both the current application and an invisible, root-level command prompt.
You're the one (as much as) arguing in favour of expending effort, adding code and complexity to restrict my root access, the burden is on you to justify doing so, not on me to refute it.
You wouldn't need the "sudo" -- it's a root-level prompt.
(Hmm... typing "make me a sandwich" unfortunately has no visible effects...)
But I'm not a malicious person, so I'll only reboot it just to check it out.
Seems like it was an easy bug to find and temporarily patch. An official fix will probably come soon.
http://en.wikipedia.org/wiki/Therac-25
You'll need to do this after each reboot of the phone.