
ubuntu-phone team mailing list archive

Status update: Planned changes to the developer mode/adb access

 

hi,

with RTM approaching quickly we are working on the developer mode to
make it act in a more secure manner. the following changes were
discussed with the security team and will be implemented soon ... this
will require a bunch of changes in our external tools that use adb
access for tests or development (smoke testing, SDK access etc) as well
as for the general developer:

1) adb will be disabled by default. you will have to hand over the
--developer-mode option while flashing to override this behavior (see
sergio's mail from the 23rd)

2) adb will not allow root and only let you in as phablet user (you will
have to use sudo like on any other ubuntu installation when doing
administrative tasks)

3) on request of the security team it should not be possible to enable
adb access if there is no password or the default password set for the
phablet user so that there is no predictable sudo password that is
identical on all devices. there are still a few blockers that prevent us
from finishing this bit (more on that below).

4) you will be able to switch developer mode on/off in the
system-settings in a sub page of the "about this device" section [1].

the first bit (1) is already implemented but will need some extension to
actually set a specific password (i.e. ubuntu-device-flash
--developer-mode --password="mynewpw")

the implementation of point 2 is also done already but i can not land it
without having all the third party tools of the QA, SDK and CI teams
adjusted for this first. this mail is a request to these teams to help
adjusting and testing for the new mode, i built an adbd package with the
changes you can pull from [2]. the following runes might help you if
your tool requires root access:

-- snip --
ogra@anubis:~$ adb shell 'echo "phablet" | sudo -S restart ssh 2>/dev/null'
ssh start/running, process 17632
-- snap --

(note this will indeed only work with the valid password which will once
point (3) is implemented not be "phablet" anymore. the redirect of
stderr ("2>/dev/null") is needed if you don't want to see sudo's password
prompt, the -S option to sudo allows to echo the password in a scripted
manner to sudo. note that i have found no way to cheat "tee" with that
so if your script creates "here documents" you might have to do this on
the host machine and use adb push to copy them over)

please, if you work with any tool that requires adb access, help
adjusting your bits to work with the new android-tools-adbd package.

to make the phablet user password changeable in our readonly rootfs
(and /etc/password) world for the above point (3), we will have to use
libnss-extrausers. for this we are waiting on a fix of bug [3] from the
foundations team that will enable us to use the default user management
tools of ubuntu (and indeed ubuntu-device-flash will have to grow a
--developer-password option or something similar)

after implementing the dbus service to en/disable adb (as i wrote in
another mail) last week i will work on the UI bits in (4) now, but
please if you use any third party script that makes use of adb access
and requires changes, let me know about this (or if you have, even send
me patches) so that we can have everything together by end of this week.

if you got down here, thanks a lot for your attention and for taking the
time to read this lengthy mail :)

ciao
	oli

[1] https://wiki.ubuntu.com/AboutThisDevice#developer-mode
[2] http://people.canonical.com/~ogra/android-tools-adbd_4.2.2+git20130218-3ubuntu24_armhf.deb
[3] https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/1323732
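
An added example, not part of the original mail or of any Ubuntu tool: one way a test script could wrap the `sudo -S` pattern above so the password is not hardcoded, plus the "create on the host, then adb push" workaround for here documents. The names `ADB`, `PHABLET_PW`, `adb_sudo` and `adb_sudo_install` are hypothetical, and it assumes `adb shell` forwards the host's stdin to the remote command.

```shell
#!/bin/sh
# Added example, not from the original mail. Hypothetical names: ADB,
# PHABLET_PW, adb_sudo, adb_sudo_install.
ADB=${ADB:-adb}

# Single-quote one argument so the device-side shell sees it verbatim.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the device-side command line. -S makes sudo read the password from
# stdin; -p '' empties the prompt, so stderr can stay visible for real errors.
remote_sudo_cmd() {
    cmd="sudo -S -p ''"
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    printf '%s\n' "$cmd"
}

# Run one command as root on the device. The password travels on stdin and
# never appears in a script or in the host's process list.
adb_sudo() {
    if [ -z "${PHABLET_PW:-}" ]; then
        echo "PHABLET_PW is not set" >&2
        return 1
    fi
    printf '%s\n' "$PHABLET_PW" | $ADB shell "$(remote_sudo_cmd "$@")"
}

# Stand-in for "here document | sudo tee": sudo -S already owns stdin, so
# write the file on the host, push it, then install it as root.
# usage: adb_sudo_install LOCAL_FILE REMOTE_PATH [MODE]
adb_sudo_install() {
    stage="/tmp/$(basename "$1").$$"
    $ADB push "$1" "$stage" >/dev/null &&
        adb_sudo install -m "${3:-0644}" "$stage" "$2" &&
        $ADB shell "rm -f $(sh_quote "$stage")"
}
```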
