It's not in production builds yet, but we should eventually get there, since how would an app developer be able to test their app? I appreciate there are a number of HUGE security and privacy issues that need to be overcome, but I think it should still be on the table, even if for a later date.

David

On 10/09/2013 19:57, Paul Theriault wrote:
Marionette isn't provided on production builds (unless that is what you are proposing). Developer builds have root access enabled so not an issue I think.

Marionette is actually equivalent to root, not just similar to root (since it can execute chrome code, not just code in the system app). So I don't think we would ship Marionette on any phone that we prevent root access on.

On Sep 10, 2013, at 8:38 PM, David Burns wrote:

How would this security model work with Marionette, since Marionette needs to access different apps according to what the user wants to do?

We go in through a similar route to the remote debugger into the device (we are just a different actor).

David

On 10/09/2013 16:29, Paul Theriault wrote:
(bcc dev-gaia)

I have been discussing the security implications of remote debugging with a
number of people and I wanted to throw the question out to a wider audience.
Remote debugging allows access to read any data in an app and as such has
implications for the scenario of when a user loses their phone.

Do we want to allow the remote debugger to connect to any app?

My proposal is that, for production devices, you should only be allowed to 
debug the apps you are developing. That is, the remote debugger will only 
connect to web apps and privileged apps pushed to the device via the simulator. 
It will _not_ connect to certified apps, or signed privileged apps installed 
from the store. The only exception to this I can think of is we probably
support remote debugging of tabs within the browser app (and possibly 
bookmarked web pages opened by the system app).

For developer builds, the remote debugger would connect to any app.

Thoughts on this proposal?

- Paul




_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
