On 01/22/2014 05:46 PM, Negreanu, Adrian M wrote:
On Wed, Jan 22, 2014 at 1:58 AM, Carsten Haitzler <ti...@rasterman.com <mailto:ti...@rasterman.com>> wrote: On Tue, 21 Jan 2014 11:28:03 -0800 Ryan Ware <ryan.r.w...@intel.com <mailto:ryan.r.w...@intel.com>> said: > Tue, Jan 21, 2014 at 2:01 AM, Jussi Laako <jussi.la...@linux.intel.com <mailto:jussi.la...@linux.intel.com>>wrote: > > > On 21.1.2014 10:38, José Bollo wrote: > > > >> IMHO, SDB is integrated with the developer tools and that is really > >> good. But it is not sure at all: you can become root on the device > >> without being asked for any password, just a USB cable is needed. Also > >> SDB is a component that is not common, not proven, not linked to PAM, > >> and, that must be maintained at our cost. Just my 2 coins. > >> > > > > SDB should require enabling developer mode on the device itself, it > > shouldn't be enabled by default. Just like ADB (or whatever it was called) > > on my Android devices. I've enabled it once to flash CyanogenMOD. > > > > SDB should definitely not be on by default. Doing so goes against a number > of different security principals including reducing attackable surface area > and least privilege. sure - but same applies for ssh. the difference is that when i enable developer mode on my device. do some work, go to lunch with my phone and someone borrows it for 10 mins (plugs into usb and starts messing around) they can do so with no auth at all. zero. if sdb were to turn off every time a phone is unplugged we'll have insanely annoyed developers continually finding menus to turn it on and eventually deciding tizen is is more pain than anything else. How about being asked for a password when the USB cable is plugged in ? For Android, you get a notification and you can choose whether you enabled debug mode or not, which as you say, is not safe. Instead, you may be asked for a developer password and avoid digging through menus. Also, I find sdbd useful when bringing up new platforms, where network connectivity is not ready yet.
how is network connectivity not there? usb network gadget has been in the kernel as long as i've been doing phone stuff (since at least 2008). the kernel emulates a network usb device. you don't need wifi and other network. as for password - ask on the device screen? or in sdb the tool (and auth)? at least with ssh i can set up passwordless access with a key.
-- Adrian Marius Negreanu Intel Open Source Technology Center _______________________________________________ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
-- The above message is intended solely for the named addressee and may contain trade secret, industrial technology or privileged and confidential information otherwise protected under applicable law including the Unfair Competition Prevention and Trade Secret Protection Act. Any unauthorized dissemination, distribution, copying or use of the information contained in this communication is strictly prohibited. If you have received this communication in error, please notify the sender by email and delete this communication immediately.
_______________________________________________ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
