We have moved to a new Sailfish OS Forum. Please start new discussions there.
9

[Q] devel-su requires remote connection enabled? Security hole? [answered]

asked 2014-03-19 01:09:28 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2015-01-14 12:33:18 +0200

eric gravatar image

I am a bit puzzled, since OS 1.0.4.20 strange things happen:

  • I can ssh the Jolla while "Remote connection" is disabled.
    Ok, I cannot login, however the Jolla handset sends me the password request (repeatedly – until I enable "Remote connections", then the login is accepted). I think, in previous OS versions, the Jolla device would simply not answer while "Remote connections" was switched off.
  • I cannot devel-su without "Remote connection" being enabled.
    A password had been set previously and "Remote connection" disabled again. However, that last password is not acknowledged any longer (as it was with previous OS versions).

If my observations are correct, in my humble opinion the changes to the security system have reduced system security:

  • It should not be necessary to allow for remote access while operating locally as devel-su.
    For local devel-su, a rather simple password is sufficient, however while remote access is possible, I should set a password that is rather hard-to-crack.
  • Jolla handset should not permanently listen on the ssh port and answer contact requests. Can anybody be sure that there is no bug in the code that can be used to get access to the phone even the last password is not accepted?
edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by jgr
close date 2014-03-19 12:10:47.863212

1 Answer

Sort by » oldest newest most voted
2

answered 2014-03-19 10:41:06 +0200

rainisto gravatar image

Thanks for the feedback. Not a security hole as such, but really awkward behaviour.

We will improve developer mode settings at some point in future updates.

edit flag offensive delete publish link more

Question tools

Follow
2 followers

Stats

Asked: 2014-03-19 01:09:28 +0200

Seen: 471 times

Last updated: Mar 19 '14