On Wed, Jan 22, 2014 at 1:58 AM, Carsten Haitzler <[email protected]> wrote:

> On Tue, 21 Jan 2014 11:28:03 -0800 Ryan Ware <[email protected]> said:
>
> > On Tue, Jan 21, 2014 at 2:01 AM, Jussi Laako <[email protected]> wrote:
> >
> > > On 21.1.2014 10:38, José Bollo wrote:
> > >
> > >> IMHO, SDB is integrated with the developer tools and that is really
> > >> good. But it is not sure at all: you can become root on the device
> > >> without being asked for any password, just a USB cable is needed. Also
> > >> SDB is a component that is not common, not proven, not linked to PAM,
> > >> and, that must be maintained at our cost. Just my 2 coins.
> > >
> > > SDB should require enabling developer mode on the device itself, it
> > > shouldn't be enabled by default. Just like ADB (or whatever it was called)
> > > on my Android devices. I've enabled it once to flash CyanogenMOD.
> >
> > SDB should definitely not be on by default. Doing so goes against a number
> > of different security principles including reducing attackable surface area
> > and least privilege.
>
> sure - but same applies for ssh. the difference is that when i enable developer
> mode on my device. do some work, go to lunch with my phone and someone borrows
> it for 10 mins (plugs into usb and starts messing around) they can do so with no
> auth at all. zero. if sdb were to turn off every time a phone is unplugged
> we'll have insanely annoyed developers continually finding menus to turn it on
> and eventually deciding tizen is more pain than anything else.

How about being asked for a password when the USB cable is plugged in?
For Android, you get a notification and you can choose whether you enabled debug mode or not, which as you say, is not safe. Instead, you may be asked for a developer password and avoid digging through menus.

Also, I find sdbd useful when bringing up new platforms, where network connectivity is not ready yet.

-- 
Adrian Marius Negreanu
Intel Open Source Technology Center
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
