Tue, Jan 21, 2014 at 2:01 AM, Jussi Laako <[email protected]>wrote:
> On 21.1.2014 10:38, José Bollo wrote: > >> IMHO, SDB is integrated with the developer tools and that is really >> good. But it is not sure at all: you can become root on the device >> without being asked for any password, just a USB cable is needed. Also >> SDB is a component that is not common, not proven, not linked to PAM, >> and, that must be maintained at our cost. Just my 2 coins. >> > > SDB should require enabling developer mode on the device itself, it > shouldn't be enabled by default. Just like ADB (or whatever it was called) > on my Android devices. I've enabled it once to flash CyanogenMOD. > SDB should definitely not be on by default. Doing so goes against a number of different security principals including reducing attackable surface area and least privilege. Ryan
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
