Could ros be more secure?
A secure.ros (IIRC the nomeclature) wiki has been started with intense development listed but not much visible now.
The IoT universe looks, to me, like a swiss cheese for solidity re: security.
I’m a noob to programming AND to ros and in working through the install and beginning tutorials I am seeing that in both the debian and the ubuntu directions sudo is used. I have used the differentiation of root and user(s) to increase the security of my systems for all my systems.
I have tried other means to start this discussion:
ROS and its security #181 on the roswiki page at github (https://github.com/ros-infrastructure/roswicki/issues/181 (hopefully this is how I am to link in the conversations!!!))
at rosanswers under the topic ‘how to convert debian root to sudo with security’ (been trying to grab the exact url but the password system on rosanswers has got me beat!).
I would like to suggest, that at least for a debian installation, that the ros system be modified to use a 2 level (separate use of root and user) for the installation, management and operation of the system to increase the security of the system.