ubuntu-phone team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 14-07-07 04:45 PM, Alexander Sack wrote:
> On Mon, Jul 7, 2014 at 12:43 PM, Oliver Grawert <ogra@xxxxxxxxxx> wrote:
>> hi,
>>
>> with RTM approaching quickly we are working on the developer mode to
>> make it act in a more secure manner. the following changes were
>> discussed with the security team and will be implemented soon ... this
>> will require a bunch of changes in out external tools that use adb
>> access for tests or development (smoke testing, SDK access etc) as well
>> as for the general developer:
>>
>> 1) adb will be disabled by default. you will have to hand over the
>> --developer-mode option while flashing to override this behavior (see
>> sergios mail from the 23rd)
>>
>> 2) adb will not allow root and only let you in as phablet user (you will
>> have to use sudo like on any other ubuntu installation when doing
>> administrative tasks)
>>
>> 3) on request of the security team it should not be possible to enable
>> adb access if there is no password or the default password set for the
>> phablet user so that there is no predictable sudo password that is
>> identical on all devices. there are still a few blockers that prevent us
>> from finishing this bit (more on that below).
>>
>> 4) you will be able to switch developer mode on/off in the
>> system-settings in a sub page of the "about this device" section [1].
>>
>> the first bit (1) is already implemented but will need some extension to
>> actually set a specific password (i.e. ubuntu-device-flash
>> --developer-mode --password="mynewpw")
> 
> I assume with this you cannot change the password after the fact
> without wiping the user data on the device?

Sure, you enable a password/PIN on the lock screen.

> 
> Related, if you enable developer mode and haven't changed the password
> (e.g. you cannot become root), there is no way you can access
> application user data?
> 

You don't need root to access application user data.

Marc.