ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #08944
Re: Status update: Planned changes to the developer mode/adb access
On 08.07.2014 13:57, Oliver Grawert wrote:
> hi,
> Am Dienstag, den 08.07.2014, 07:11 -0400 schrieb Marc Deslauriers:
>
>> I just want adb to refuse connections if they are attempted _while_ the screen
>> is locked. If adb is already servicing a connection, it doesn't need to drop it
>> when the screen then locks.
> so how would you as a developer then debug a not starting UI session (in
> which case you wouldn't even have the info if the screen is locked or
> not due to not having the respective dbus service available... )
>
> this is a "debug and development shell", to enable it you made a
> conscious decision to do so and it required you to set a password so
> nobody can "just sudo" by knowing the default password ...
> if you did that conscious decision it is also up to you to make sure to
> disable it again or live with the insecurity you introduced ... i think
> the major point is that by default adbd is disabled and can only be
> enabled if you took active action. once it is enabled you actively added
> insecurity anyway.
>
How about enabling adb based on HMAC similiar to a Yubikey? So if you
were to steel somebody's phone you'd have to unlock it and enable adb once.
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups
References