
touch-packages team mailing list archive

[Bug 1368751] [NEW] [enhancement] allow MTP access for authenticated computers

 

Public bug reported:

In accordance with
https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
MTP currently refuses to show any folders when connecting the device to
a system and the device's screen is locked (good). A nice future
enhancement might be to do something similar to what is planned with
adb-- using a certificate or token for each system the device connects
to. Eg, it might look something like this:

1. Janet plugs in a locked device to her new laptop
2. MTP checks to see if this system (the new laptop) is known to the device
3. Since it is not, MTP checks the state of the screensaver and sees that it is locked, so refuses to export any directories
4. Janet unlocks the screen on the device and the files are exported to her laptop
5. Meanwhile on the device, MTP prompts Janet with:
    Detected new system. Unconditionally export MTP files to this system in the future?
    [ ] yes     [ ] no
6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of known devices
7. Janet performs file transfers via MTP, then unplugs the device and goes out to dinner, taking a lot of fun pictures
8. Janet returns home and plugs her locked device into her laptop
9. MTP checks to see if this system (the new laptop) is known to the device
10. Since Janet answered 'yes' in step '6', the files are exported to her laptop (without having to unlock the screen) and she can copy her fun pictures to her laptop

If Janet answered 'no' in step '6', after performing step '9', MTP would
proceed to step '3' instead of '10'.

This probably requires design for the user interactions. Eg, perhaps it
would be good to remember if the user answered 'no' in step '5'. Also,
it would be good to be able to revoke systems from the database of known
devices.

This is not for RTM. This is not a security requirement. This is for UX.

** Affects: mtp (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  In accordance with
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
  MTP currently refuses to show any folders when connecting the device to
- a system and the device's screen is locked. (good). A nice future
+ a system and the device's screen is locked (good). A nice future
  enhancement might be to do something similar to what is planned with
  adb-- using a certificate or token for each system the device connects
  to. Eg, it might look something like this:
  
  1. Janet plugs in a locked device to her new laptop
  2. MTP checks to see if this system (the new laptop) is known to the device
  3. Since it is not, MTP checks the state of the screensaver and sees that it is locked, so refuses to export any directories
  4. Janet unlocks the screen on the device and the files are exported to her laptop
  5. MTP then prompts Janet with:
-     Detected new system. Unconditionally export MTP files to this system in the future?
-     [ ] yes     [ ] no
+     Detected new system. Unconditionally export MTP files to this system in the future?
+     [ ] yes     [ ] no
  6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of known devices
  7. Janet performs file transfers via MTP, then unplugs the device and goes out to dinner, taking a lot of fun pictures
  8. Janet returns home and plugs her locked device into her laptop
  9. MTP checks to see if this system (the new laptop) is known to the device
  10. Since Janet answered 'yes' in step '6', the files are exported to her laptop (without having to unlock the screen)
  
  If Janet answered 'no' in step '6', after performing step '9', MTP would
  proceed to step '3' instead of '10'.
  
  This probably requires design for the user interactions. Eg, perhaps it
  would be good to remember if the user answered 'no' in step '5'. Also,
  it would be good to be able to revoke systems from the database of known
  devices.
  
  This is not for RTM. This is not a security requirement. This is for UX.

** Description changed:

  In accordance with
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
  MTP currently refuses to show any folders when connecting the device to
  a system and the device's screen is locked (good). A nice future
  enhancement might be to do something similar to what is planned with
  adb-- using a certificate or token for each system the device connects
  to. Eg, it might look something like this:
  
  1. Janet plugs in a locked device to her new laptop
  2. MTP checks to see if this system (the new laptop) is known to the device
  3. Since it is not, MTP checks the state of the screensaver and sees that it is locked, so refuses to export any directories
  4. Janet unlocks the screen on the device and the files are exported to her laptop
- 5. MTP then prompts Janet with:
+ 5. Meanwhile on the device, MTP prompts Janet with:
      Detected new system. Unconditionally export MTP files to this system in the future?
      [ ] yes     [ ] no
  6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of known devices
  7. Janet performs file transfers via MTP, then unplugs the device and goes out to dinner, taking a lot of fun pictures
  8. Janet returns home and plugs her locked device into her laptop
  9. MTP checks to see if this system (the new laptop) is known to the device
  10. Since Janet answered 'yes' in step '6', the files are exported to her laptop (without having to unlock the screen)
  
  If Janet answered 'no' in step '6', after performing step '9', MTP would
  proceed to step '3' instead of '10'.
  
  This probably requires design for the user interactions. Eg, perhaps it
  would be good to remember if the user answered 'no' in step '5'. Also,
  it would be good to be able to revoke systems from the database of known
  devices.
  
  This is not for RTM. This is not a security requirement. This is for UX.

** Description changed:

  In accordance with
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
  MTP currently refuses to show any folders when connecting the device to
  a system and the device's screen is locked (good). A nice future
  enhancement might be to do something similar to what is planned with
  adb-- using a certificate or token for each system the device connects
  to. Eg, it might look something like this:
  
  1. Janet plugs in a locked device to her new laptop
  2. MTP checks to see if this system (the new laptop) is known to the device
  3. Since it is not, MTP checks the state of the screensaver and sees that it is locked, so refuses to export any directories
  4. Janet unlocks the screen on the device and the files are exported to her laptop
  5. Meanwhile on the device, MTP prompts Janet with:
      Detected new system. Unconditionally export MTP files to this system in the future?
      [ ] yes     [ ] no
  6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of known devices
  7. Janet performs file transfers via MTP, then unplugs the device and goes out to dinner, taking a lot of fun pictures
  8. Janet returns home and plugs her locked device into her laptop
  9. MTP checks to see if this system (the new laptop) is known to the device
- 10. Since Janet answered 'yes' in step '6', the files are exported to her laptop (without having to unlock the screen)
+ 10. Since Janet answered 'yes' in step '6', the files are exported to her laptop (without having to unlock the screen) and she can copy her fun pictures to her laptop
  
  If Janet answered 'no' in step '6', after performing step '9', MTP would
  proceed to step '3' instead of '10'.
  
  This probably requires design for the user interactions. Eg, perhaps it
  would be good to remember if the user answered 'no' in step '5'. Also,
  it would be good to be able to revoke systems from the database of known
  devices.
  
  This is not for RTM. This is not a security requirement. This is for UX.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mtp in Ubuntu.
https://bugs.launchpad.net/bugs/1368751

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mtp/+bug/1368751/+subscriptions
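
The known-system check in steps 2, 3, 9 and 10 of the report, sketched as an added example that is not part of the bug report or of the mtp package. It assumes the "token for each system" is a per-host secret issued at the step 5-6 prompt and later proven by HMAC challenge-response, so a host identifier alone is not enough to get files from a locked device; `KnownHosts`, `host_response` and `should_export` are hypothetical names.

```python
import hashlib
import hmac
import secrets


class KnownHosts:
    """Device-side store (hypothetical): host_id -> (decision, secret token)."""

    def __init__(self):
        self._db = {}

    def pair(self, host_id, allow):
        # Steps 5-6: only reachable while the screen is unlocked, after the
        # prompt. A 'no' answer is remembered too, with no token issued.
        token = secrets.token_bytes(32) if allow else None
        self._db[host_id] = (allow, token)
        return token  # handed to the host during the unlocked session

    def revoke(self, host_id):
        # Removing the entry makes the host "unknown" again.
        self._db.pop(host_id, None)

    def challenge(self):
        # Fresh nonce per connection; a real service would also remember
        # which nonce it issued so an old response cannot be replayed.
        return secrets.token_bytes(16)

    def verify(self, host_id, nonce, response):
        allow, token = self._db.get(host_id, (False, None))
        if not allow or token is None:
            return False
        expected = hmac.new(token, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def host_response(token, nonce):
    """Host side: prove possession of the token without sending it."""
    return hmac.new(token, nonce, hashlib.sha256).digest()


def should_export(db, host_id, nonce, response, screen_locked):
    # Steps 2-3 and 9-10: an unlocked screen always exports; a locked screen
    # exports only to a host that answers the challenge correctly.
    if not screen_locked:
        return True
    return db.verify(host_id, nonce, response)
```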

