ubuntu-phone team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 14-07-08 04:36 AM, Oliver Grawert wrote:
> hi,
> Am Montag, den 07.07.2014, 17:34 -0400 schrieb Marc Deslauriers:
>> On 14-07-07 06:43 AM, Oliver Grawert wrote:
>>> 3) on request of the security team it should not be possible to enable
>>> adb access if there is no password or the default password set for the
>>> phablet user so that there is no predictable sudo password that is
>>> identical on all devices. there are still a few blockers that prevent us
>>> from finishing this bit (more on that below).
>>
>> We also asked that adb refuse connections if the screen is locked. Is this
>> implemented?
> 
> erm, no, what was asked was that you can only *enable* adb if there is a
> sudo password set (one that isnt either empty or "phablet") and this is
> what i am implementing atm ... we wont be able to keep smoke testing
> working if you get kicked out when the device locks (and it would be
> overly annoying) ... i think we need to make some compromise between
> usability and security here ...
> 

The goal is that if my screen is locked, and adb is enabled, nobody can simply
plug my phone into a computer and unlock it using adb.

I just want adb to refuse connections if they are attempted _while_ the screen
is locked. If adb is already servicing a connection, it doesn't need to drop it
when the screen then locks.

Marc.