ubuntu-phone team mailing list archive

Re: Status update: Planned changes to the developer mode/adb access

 

On 07/08/2014 03:45 AM, Oliver Grawert wrote:
> On Monday, 07.07.2014 at 22:45 +0200, Alexander Sack wrote:
>> On Mon, Jul 7, 2014 at 12:43 PM, Oliver Grawert <ogra@xxxxxxxxxx> wrote:
>>> hi,
>>>
>>> with RTM approaching quickly we are working on the developer mode to
>>> make it act in a more secure manner. the following changes were
>>> discussed with the security team and will be implemented soon ... this
>>> will require a bunch of changes in our external tools that use adb
>>> access for tests or development (smoke testing, SDK access etc) as well
>>> as for the general developer:
>>>
>>> 1) adb will be disabled by default. you will have to hand over the
>>> --developer-mode option while flashing to override this behavior (see
>>> sergio's mail from the 23rd)
>>>
>>> 2) adb will not allow root and only let you in as phablet user (you will
>>> have to use sudo like on any other ubuntu installation when doing
>>> administrative tasks)
>>>
>>> 3) on request of the security team it should not be possible to enable
>>> adb access if there is no password or the default password set for the
>>> phablet user so that there is no predictable sudo password that is
>>> identical on all devices. there are still a few blockers that prevent us
>>> from finishing this bit (more on that below).
>>>
>>> 4) you will be able to switch developer mode on/off in the
>>> system-settings in a sub page of the "about this device" section [1].
>>>
>>> the first bit (1) is already implemented but will need some extension to
>>> actually set a specific password (i.e. ubuntu-device-flash
>>> --developer-mode --password="mynewpw")
>>
>> I assume with this you cannot change the password after the fact
>> without wiping the user data on the device?
>>
> we can not wipe the device just because the user updates the
> password ... 
> 
>> Related, if you enable developer mode and haven't changed the password
>> (e.g. you cannot become root), there is no way you can access
>> application user data?
> 
> see the UI design, the switch to enable dev mode will be unresponsive
> unless you have set a new non empty password that is not the default
> one. (the same goes for ubuntu-device-flash, it will not allow using
> --developer-mode without also using --password)
> 
To be clear, we are wanting to support devices that are 'ro' but with adb
enabled, right? I.e., I don't want to have to opt out of system-image updates just
cause I enabled adb and/or a sudo password. It would be great if 'rw' was
treated separately from the other things.


-- 
Jamie Strandboge                 http://www.ubuntu.com/
