Root for apps such as Termux? How dangerous is rooting Graphene?

fosh19991

Hey there,

I'm a long-time linux user and developer, and I'm considering root so I can use sudo with Termux for some of my packages. How inadvisable is this? I want my device to be secure and would like to maintain the security features of GrapheneOS such as verified boot, hardened_malloc, etc...

If I don't plan on installing Magisk/Xposed packages beyond permitting termux to use root, could it be possible to stay relatively "safe" with rooted Graphene?

GrapheneOS

If I don't plan on installing Magisk/Xposed packages beyond permitting termux to use root, could it be possible to stay relatively "safe" with rooted Graphene?

You would no longer using GrapheneOS with over-the-air updates but rather a derivative of it with a bunch of the core security model destroyed. Giving root to a whole bunch of the OS and even to an app is inherently not compatible with keeping the security model intact. It would be possible to make a variant of the OS with a root terminal which wasn't a complete security disaster but wouldn't keep the whole security model intact so that can't be a standard thing. That would definitely not involve things like Magisk and Termux.

fosh19991

GrapheneOS Thank you for the insight! From reading up on some of the (very well written) documentation, I learned that installing Magisk is inherently unsafe, which has something to do with automatically needing to give Magisk access to large parts of the OS for things like filesystem and UI.

I'm interested in making a varient of Graphene with the only addition being a root terminal. How would I go about doing this? If you could point me in the right direction it would be greatly appreciated.