Using ADB anyone can obtain root on a device

RESOLVED WORKSFORME

Status

Firefox OS
General
RESOLVED WORKSFORME
5 years ago
4 years ago

People

(Reporter: mfuller, Unassigned)

Tracking

({sec-want})

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: "walk-by" (local) malware attack)

(Reporter)

Description

5 years ago
When connecting to the phone via adb shell, the default user is root. This allows anyone to simply pickup a phone, locked or not, and gain complete access to it including removing user data.

The default user using adb should be "shell" and should not have root permissions.
Umm...what? This sounds...really bad.
Group: core-security
blocking-basecamp: --- → ?
Keywords: sec-high
Keywords: sec-high → sec-critical
Whiteboard: "walk-by" (local) malware attack
This is very well known.  Production devices will not have this enabled.
Group: core-security
In that case, I'll remove the nom then.
blocking-basecamp: ? → ---
OS: Mac OS X → Gonk (Firefox OS)
Partner would disable this root permission(ro.secure=1) on ramdisk image when they build shipping ROM.
Why is it root rather than shell?
Keywords: sec-critical → sec-want
Are you asking about development or production devices?
@comment 4 this also means that users will not be able to switch it to root if they want to tinker, or is there any other way to switch it back on?
@comment 7, In general, partner wouldn't let user to get the root permission because of warranty. The user can request to unlock the device and lose device warranty. Then they can flash any ROM that they want.
(In reply to Randy Lin [:rlin] from comment #8)
> @comment 7, In general, partner wouldn't let user to get the root permission
> because of warranty. The user can request to unlock the device and lose
> device warranty. Then they can flash any ROM that they want.

What is the procedure for the unlock?

Is that something that has to be done in the store or can the carrier do this over the air?
(In reply to Stefan Arentz [:st3fan] from comment #9)
> (In reply to Randy Lin [:rlin] from comment #8)
> > @comment 7, In general, partner wouldn't let user to get the root permission
> > because of warranty. The user can request to unlock the device and lose
> > device warranty. Then they can flash any ROM that they want.
> 
> What is the procedure for the unlock?
> 
> Is that something that has to be done in the store or can the carrier do
> this over the air?

User can request unlock boot-loader via their company web site.
for htc phone. 
need to apply unlock requeest on http://www.htcdev.com/bootloader
for SE phone
http://unlockbootloader.sonymobile.com/
Other vendors allow unlocking the bootloader using locally installable tools, which is what we much much prefer.
Duplicate of this bug: 876345
Duplicate of this bug: 876345
Closing this bug since production phones have adb shell using the "shell" user, and only development phones use the "root" user.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.