March 16th, 2012, 10:25 PM   #1 (permalink)
jericko (Thread Author)
CyanogenMod disables root access by default

Security and You | CyanogenMod

Many of you may not give it a second glance, but among all the furor and concern about permissions requested by market apps and privacy, all Custom ROMs (CyanogenMod included) ship with one major security risk — root!
We have been struggling with how to handle this for quite a bit, and took a first step with the first public CyanogenMod 9 alpha builds, by disabling the previously-default root access over USB. You can still get adb root access by running “adb root” in terminal, should you ever need it.
We recently merged 3 patches into CyanogenMod 9, to further address this: Gerrit Code Review, Gerrit Code Review and Gerrit Code Review.
What follows is an explanation of the changes, how they affect you and our reasoning behind them.
What do the patches do?
They disable root selectively and in a configurable way. Users will be able to configure their exposure to root as:
  • Disabled
  • Enabled for ADB only
  • Enabled for Apps only
  • Enabled for both
How does this change affect the usage of your device, and root apps you have installed?
On a default CyanogenMod installation, root usage will have to be explicitly enabled by the user. This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity. Once enabled, the process mirrors that of the current process: apps that request root will be flagged by the SuperUser.apk and the user will have to grant selective access.
Why the change?
At CyanogenMod, security has always been one of our primary concerns; however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether it's the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach.
Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provides a good level of security to the majority of users.
What concerns remain?
Many of you reading this are savvy enough to note a remaining hole in this approach – recovery and unlocked bootloaders. The bootloaders are out of our hands; there is little to nothing we can do on that front.
Regarding recovery – with unlocked bootloaders, a malicious user could just flash a new recovery image (without any potential security we could apply) or just dump the data partition. This, however, requires physical access to the device. As such, the security standards for this are highly reliant on you, the device owner. Data encryption is available in ICS to safeguard your data. (Warning for emmc only users – encrypted /data means recovery will be non-functional.)
The onus is on you to secure your device; take care of your possessions, and this risk is minimal. Always make sure you take devices out of your car before you go into the mall and remove them from pockets before washing laundry. Common sense is a basic security tool.
But Why?
We honestly believe there are limited uses for root on CyanogenMod, and none that warrant shipping the OS defaulted to unsecured.

  • Colton
    I would like to see CyanogenMod shipped with SELinux for Android.

  • Logan
    Android should have a permission for “root” like other permissions so the user is notified when they install the app that it can request root access

  • Tom Burall
    Could the “Enabled for Apps only” option also include a list of apps that can be selected to have root access?


  • ciwrl
    The su app already handles this aspect, so we don’t see a real need there.

  • ciwrl
    That would all but make Google acknowledge the ‘root’ as legitimate in the market. That won’t be likely to happen.

  • Anonymous
    CyanogenMod needs to get into the business with Mobile Brands (HTC, Samsung and etc) and US Carriers (Sprint, Verizon, T-Mobile and etc)… cuz it has awesome ROMs.

  • Puklu
    Sounds good, I think that’s definitely a step in the right direction. Can’t wait to get it to daily use.

  • norupz
    Clever move


jericko is offline  
March 16th, 2012, 11:52 PM   #2 (permalink)
colchiro

Looks like that will be tonight's build and moving forward.

Guess I'm going to sit this one out. I don't feel like a martyr.

changelog
colchiro is offline  
March 17th, 2012, 09:59 AM   #3 (permalink)
awells527

I think it's a good idea. People that need root don't lose anything and it's not an open security hole for those that don't need it.
awells527 is offline  
March 17th, 2012, 10:12 AM   #4 (permalink)
colchiro

It's going to be a pain in the a$$ to have to set after every update.
colchiro is offline  
March 18th, 2012, 08:11 AM   #5 (permalink)
binary visions

Quote:
Originally Posted by colchiro
It's going to be a pain in the a$$ to have to set after every update.

One check box is a huge pain?

Also, do you have a reason to believe you have to re-set it after every update? No other OS settings are lost after an update. I was looking through the text and couldn't find an indication that you'd have to re-set it every time.
binary visions is offline  