ubuntu-phone team mailing list archive

Re: Status update: Planned changes to the developer mode/adb access

 

On Monday, 07.07.2014, at 22:45 +0200, Alexander Sack wrote:
> On Mon, Jul 7, 2014 at 12:43 PM, Oliver Grawert <ogra@xxxxxxxxxx> wrote:
> > hi,
> >
> > with RTM approaching quickly we are working on the developer mode to
> > make it act in a more secure manner. the following changes were
> > discussed with the security team and will be implemented soon ... this
> > will require a bunch of changes in our external tools that use adb
> > access for tests or development (smoke testing, SDK access etc) as well
> > as for the general developer:
> >
> > 1) adb will be disabled by default. you will have to hand over the
> > --developer-mode option while flashing to override this behavior (see
> > sergio's mail from the 23rd)
> >
> > 2) adb will not allow root and only let you in as phablet user (you will
> > have to use sudo like on any other ubuntu installation when doing
> > administrative tasks)
> >
> > 3) on request of the security team it should not be possible to enable
> > adb access if there is no password or the default password set for the
> > phablet user so that there is no predictable sudo password that is
> > identical on all devices. there are still a few blockers that prevent us
> > from finishing this bit (more on that below).
> >
> > 4) you will be able to switch developer mode on/off in the
> > system-settings in a sub page of the "about this device" section [1].
> >
> > the first bit (1) is already implemented but will need some extension to
> > actually set a specific password (i.e. ubuntu-device-flash
> > --developer-mode --password="mynewpw")
> 
> I assume with this you cannot change the password after the fact
> without wiping the user data on the device?
> 
we can not wipe the device just because the user updates the
password ... 

> Related, if you enable developer mode and haven't changed the password
> (e.g. you cannot become root), there is no way you can access
> application user data?

see the UI design, the switch to enable dev mode will be unresponsive
unless you have set a new non empty password that is not the default
one. (the same goes for ubuntu-device-flash, it will not allow using
--developer-mode without also using --password)

ciao
	oli
