ubuntu-phone team mailing list archive

[Alexander Sack <asac@xxxxxxxxxxxxx>]

On Mon, Jul 7, 2014 at 12:43 PM, Oliver Grawert <ogra@xxxxxxxxxx> wrote:
> hi,
>
> with RTM approaching quickly we are working on the developer mode to
> make it act in a more secure manner. the following changes were
> discussed with the security team and will be implemented soon ... this
> will require a bunch of changes in out external tools that use adb
> access for tests or development (smoke testing, SDK access etc) as well
> as for the general developer:
>
> 1) adb will be disabled by default. you will have to hand over the
> --developer-mode option while flashing to override this behavior (see
> sergios mail from the 23rd)
>
> 2) adb will not allow root and only let you in as phablet user (you will
> have to use sudo like on any other ubuntu installation when doing
> administrative tasks)
>
> 3) on request of the security team it should not be possible to enable
> adb access if there is no password or the default password set for the
> phablet user so that there is no predictable sudo password that is
> identical on all devices. there are still a few blockers that prevent us
> from finishing this bit (more on that below).
>
> 4) you will be able to switch developer mode on/off in the
> system-settings in a sub page of the "about this device" section [1].
>
> the first bit (1) is already implemented but will need some extension to
> actually set a specific password (i.e. ubuntu-device-flash
> --developer-mode --password="mynewpw")

I assume with this you cannot change the password after the fact
without wiping the user data on the device?

Related, if you enable developer mode and haven't changed the password
(e.g. you cannot become root), there is no way you can access
application user data?

  - Alexander