From: John Stultz <john.stultz@linaro.org>
To: Anton Vorontsov <cbouatmailru@gmail.com>
Cc: Colin Cross <ccross@google.com>,
	Jason Wessel <jason.wessel@windriver.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	arve@android.com, linux-kernel@vger.kernel.org,
	linaro-kernel@lists.linaro.org, patches@linaro.org,
	kernel-team@android.com, kgdb-bugreport@lists.sourceforge.net,
	Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: [PATCH 0/7] KDB: Kiosk (reduced capabilities) mode
Date: Fri, 27 Jul 2012 18:49:37 -0700
Message-ID: <50134531.5060007@linaro.org>
In-Reply-To: <20120728012632.GA1766@lizard>

On 07/27/2012 06:26 PM, Anton Vorontsov wrote:
> On Fri, Jul 27, 2012 at 12:30:49PM -0700, Colin Cross wrote:
>>> There are two use-cases for the mode, one is evil, but another is quite
>>> legitimate.
>>>
>>> The evil use case is used by some (ahem) phone manufacturers that want
>>> to have debugging facilities on a production device, but still don't
>>> want you to use the debugger to gain root access. I don't like locked
>>> phones, and I would not touch this/get my hands dirty by implementing
>>> the feature just for this evil (IMHO) use case.
>> The point of the reduced feature set in FIQ debugger is not to prevent
>> you from accessing your own phone, it is designed to prevent others from
>> trivially rooting your phone and reading your data.  Both locked and
>> unlocked phones run FIQ debugger.  Would you carry a phone with
>> personal data on it and KGDB enabled on the serial console?
> Short answer: yes, I would carry such a phone. :-)
>
> Long answer:
>
> If someone was so interested in cracking the phone/data and so
> ended up with attaching a serial console and attempted to use debugger
> techniques to gain access to my data, then the thief's next step would be
> soldering a few wires to JTAG spots, and it will be all done in
> minutes. Knowledge-wise, using JTAG is even more trivial than using the
> debugger techniques to get to my data, you just need some HW skills.

The serial console on some of these phones is accessed via the 
headphone jack.

Imagine an airline provides free noise cancelling headphones for 
flights. Those headphones are of course "smart" and covertly try to 
quickly capture data off of the phone's debugger interface, storing on 
some headphone internal flash, all without the user noticing.

So I think Colin's concerns (regardless of any paranoia about phone 
OEM's intentions) are reasonable.

thanks
-john



Thread overview: 17+ messages
2012-07-26 14:25 [PATCH 0/7] KDB: Kiosk (reduced capabilities) mode Anton Vorontsov
2012-07-26 14:26 ` [PATCH 1/7] kdb: Remove currently unused kdbtab_t->cmd_flags Anton Vorontsov
2012-07-26 14:26 ` [PATCH 2/7] kdb: Rename kdb_repeat_t to kdb_cmdflags_t, cmd_repeat to cmd_flags Anton Vorontsov
2012-07-26 14:26 ` [PATCH 3/7] kdb: Rename kdb_register_repeat() to kdb_register_flags() Anton Vorontsov
2012-07-26 14:26 ` [PATCH 4/7] kdb: Use KDB_REPEAT_* values as flags Anton Vorontsov
2012-07-26 14:26 ` [PATCH 5/7] kdb: Remove KDB_REPEAT_NONE flag Anton Vorontsov
2012-07-26 14:26 ` [PATCH 6/7] kdb: Mark safe commands as KDB_SAFE and KDB_SAFE_NO_ARGS Anton Vorontsov
2012-07-26 17:07   ` Alan Cox
2012-07-26 17:39     ` Anton Vorontsov
2012-07-30 12:04       ` [PATCH v2 " Anton Vorontsov
2012-07-26 14:26 ` [PATCH 7/7] kdb: Add kiosk mode Anton Vorontsov
2012-07-27 19:30 ` [PATCH 0/7] KDB: Kiosk (reduced capabilities) mode Colin Cross
2012-07-28  1:26   ` Anton Vorontsov
2012-07-28  1:49     ` John Stultz [this message]
2012-07-28  1:53     ` Colin Cross
  -- strict thread matches above, loose matches on Subject: below --
2012-10-16  1:17 Anton Vorontsov
2012-11-15  1:48 ` John Stultz
