On Wed, Jan 22, 2014 at 10:55 AM, Carsten Haitzler <[email protected]> wrote:

> On 01/22/2014 05:46 PM, Negreanu, Adrian M wrote:
>
> On Wed, Jan 22, 2014 at 1:58 AM, Carsten Haitzler <[email protected]> wrote:
>
>> On Tue, 21 Jan 2014 11:28:03 -0800 Ryan Ware <[email protected]> said:
>>
>> > Tue, Jan 21, 2014 at 2:01 AM, Jussi Laako <[email protected]> wrote:
>> >
>> > > On 21.1.2014 10:38, José Bollo wrote:
>> > >
>> > >> IMHO, SDB is integrated with the developer tools and that is really
>> > >> good. But it is not sure at all: you can become root on the device
>> > >> without being asked for any password, just a USB cable is needed. Also
>> > >> SDB is a component that is not common, not proven, not linked to PAM,
>> > >> and, that must be maintained at our cost. Just my 2 coins.
>> > >
>> > > SDB should require enabling developer mode on the device itself, it
>> > > shouldn't be enabled by default. Just like ADB (or whatever it was called)
>> > > on my Android devices. I've enabled it once to flash CyanogenMOD.
>> >
>> > SDB should definitely not be on by default. Doing so goes against a number
>> > of different security principles including reducing attackable surface area
>> > and least privilege.
>>
>> sure - but same applies for ssh. the difference is that when i enable developer
>> mode on my device. do some work, go to lunch with my phone and someone borrows
>> it for 10 mins (plugs into usb and starts messing around) they can do so with no
>> auth at all. zero. if sdb were to turn off every time a phone is unplugged
>> we'll have insanely annoyed developers continually finding menus to turn it on
>> and eventually deciding tizen is more pain than anything else.
>
> How about being asked for a password when the USB cable is plugged in?
> For Android, you get a notification and you can choose whether you
> enabled debug mode or not, which as you say, is not safe.
> Instead, you may be asked for a developer password and avoid digging
> through menus.
> Also, I find sdbd useful when bringing up new platforms, where network
> connectivity is not ready yet.
>
> how is network connectivity not there? usb network gadget has been in the
> kernel as long as i've been doing phone stuff (since at least 2008). the
> kernel emulates a network usb device. you don't need wifi and other network.

I think we're viewing the problem from two different points of view.
I'm more interested in a device in the "bring-up" stage where you might not
have OTG ready (thus no USB gadgets), whereas (I assume) you're interested in a
device that's well after the "bring-up" stage. For the latter, when
everything works fine, SDBD is indeed optional.

> as for password - ask on the device screen?

Yup, on the device screen. This means that when I'm not in graphical
run-level, I can use SDBD w/o being asked for a password.

--
Adrian Marius Negreanu
Intel Open Source Technology Center
