Closed
Bug 805256
Opened 12 years ago
Closed 11 years ago
Using ADB anyone can obtain root on a device
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: mfuller, Unassigned)
Details
(Keywords: sec-want, Whiteboard: "walk-by" (local) malware attack)
When connecting to the phone via adb shell, the default user is root. This allows anyone to simply pick up a phone, locked or not, and gain complete access to it, including removing user data.
The default user using adb should be "shell" and should not have root permissions.
Comment 1•12 years ago
Umm...what? This sounds...really bad.
Group: core-security
blocking-basecamp: --- → ?
Updated•12 years ago
Keywords: sec-high → sec-critical
Whiteboard: "walk-by" (local) malware attack
This is very well known. Production devices will not have this enabled.
Group: core-security
Updated•12 years ago
OS: Mac OS X → Gonk (Firefox OS)
Comment 4•12 years ago
The partner would disable this root permission (ro.secure=1) on the ramdisk image when they build the shipping ROM.
Are you asking about development or production devices?
@comment 4 this also means that users will not be able to switch it to root if they want to tinker, or is there any other way to switch it back on?
Comment 8•12 years ago
@comment 7, In general, the partner wouldn't let the user get root permission because of the warranty. The user can request to unlock the device and lose the device warranty. Then they can flash any ROM that they want.
Comment 9•12 years ago
(In reply to Randy Lin [:rlin] from comment #8)
> @comment 7, In general, the partner wouldn't let the user get root permission
> because of the warranty. The user can request to unlock the device and lose
> the device warranty. Then they can flash any ROM that they want.
What is the procedure for the unlock?
Is that something that has to be done in the store or can the carrier do this over the air?
Comment 10•12 years ago
(In reply to Stefan Arentz [:st3fan] from comment #9)
> (In reply to Randy Lin [:rlin] from comment #8)
> > @comment 7, In general, the partner wouldn't let the user get root permission
> > because of the warranty. The user can request to unlock the device and lose
> > the device warranty. Then they can flash any ROM that they want.
>
> What is the procedure for the unlock?
>
> Is that something that has to be done in the store or can the carrier do
> this over the air?
The user can request a bootloader unlock via their company web site.
For an HTC phone, you need to submit an unlock request at http://www.htcdev.com/bootloader
For an SE phone:
http://unlockbootloader.sonymobile.com/
Other vendors allow unlocking the bootloader using locally installable tools, which is what we much much prefer.
Comment 14•11 years ago
Closing this bug since production phones have adb shell using the "shell" user, and only development phones use the "root" user.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
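Added example, not part of the original bug thread or the Firefox OS code base: a shell check that a release engineer could run against a build's property file (for example the ramdisk's default.prop) to confirm the condition discussed above, namely that `ro.secure=1` is set so `adb shell` does not start as root. The `ro.debuggable` rule (a debuggable build lets `adb root` restart adbd as root), the function names, the verdict strings and the sample files are assumptions of this example; a missing `ro.secure` is reported as `root` as a conservative audit choice.

```shell
#!/bin/sh
# Added example: classify a build property file by the user adb shell would get.

# Constructed sample property files (not taken from any real device image).
write_samples() {
    dir=$1
    printf 'ro.secure=0\nro.debuggable=1\n' > "$dir/eng.prop"
    printf 'ro.secure=1\nro.debuggable=1\n' > "$dir/userdebug.prop"
    printf '# shipping build\nro.secure=1\nro.debuggable=0\n' > "$dir/user.prop"
}

# prop_get FILE KEY: print the first value assigned to KEY, or nothing if unset.
# ro.* properties are write-once, so the first assignment is the one that counts.
prop_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | tr -d '\r'
}

# adb_shell_verdict FILE: print one of
#   root                    adb shell starts as root (ro.secure is not 1)
#   shell-adb-root-allowed  starts as "shell", but "adb root" can switch to root
#   shell                   starts as "shell" and cannot be switched over adb
adb_shell_verdict() {
    secure=$(prop_get "$1" ro.secure)
    debuggable=$(prop_get "$1" ro.debuggable)
    if [ "$secure" != "1" ]; then
        echo root
    elif [ "$debuggable" = "1" ]; then
        echo shell-adb-root-allowed
    else
        echo shell
    fi
}

# Stand-alone use: sh check_adb.sh path/to/default.prop [more files...]
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(adb_shell_verdict "$f")"
done
```

Only the `shell` verdict is appropriate for a shipping image; on a connected device, `adb shell id` shows the user actually in effect.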