2014-07-22 16:34:47 |
Jamie Strandboge |
bug |
|
|
added bug |
2014-07-22 16:35:45 |
Jamie Strandboge |
bug task added |
|
ubuntu-filemanager-app |
|
2014-07-23 06:40:36 |
David Planella |
ubuntu-filemanager-app: status |
New |
Incomplete |
|
2014-07-23 06:40:40 |
David Planella |
ubuntu-terminal-app: status |
New |
Incomplete |
|
2014-07-23 16:50:24 |
Jamie Strandboge |
ubuntu-filemanager-app: status |
Incomplete |
New |
|
2014-07-23 16:50:27 |
Jamie Strandboge |
ubuntu-terminal-app: status |
Incomplete |
New |
|
2014-07-24 16:17:31 |
Jamie Strandboge |
tags |
|
rtm14 |
|
2014-07-24 16:18:12 |
Jamie Strandboge |
description |
Ubuntu Touch will soon have the ability to set a PIN/password for the user. If the password is set, we should limit access to the terminal and the filemanager to guard against sideloading apps when lending a phone to someone who does not know the PIN/password.
For the terminal, we should unconditionally require the screenlock password when one is set on application launch.
For the file manager, we should allow passwordless access to MTP-exported directories, and require the screenlock password when one is set when accessing non-MTP-exported directories. This can be implemented as a button (or similar): 'Show all files' which when clicked should prompt for the password (if set). 'Show all files' should not be remembered between application invocations.
IMPORTANT: this only covers a very limited set of attack scenarios, but does guard against casual trojanning when lending a phone to a stranger. Notably, it does not cover sideloading via adb. |
Ubuntu Touch will soon have the ability to set a PIN/password for the user. If the password is set, we should limit access to the terminal and the filemanager to guard against sideloading apps when lending a phone to someone who does not know the PIN/password.
For the terminal, we should unconditionally require the screenlock password when one is set on application launch.
For the file manager, we should allow passwordless access to MTP-exported directories, and require the screenlock password when one is set when accessing non-MTP-exported directories. This can be implemented as a button (or similar): 'Show all files' which when clicked should prompt for the password (if set). 'Show all files' should not be remembered between application invocations.
IMPORTANT: this only covers a very limited set of attack scenarios, but does guard against casual trojanning when lending a phone to a stranger. Notably, it does not cover sideloading via adb.
FYI, these changes are required for RTM, so I added the appropriate tag. The Importance should be at least 'High'. |
|
2014-07-25 04:59:07 |
David Planella |
ubuntu-filemanager-app: status |
New |
Triaged |
|
2014-07-25 04:59:10 |
David Planella |
ubuntu-filemanager-app: importance |
Undecided |
High |
|
2014-07-25 04:59:12 |
David Planella |
ubuntu-terminal-app: status |
New |
Triaged |
|
2014-07-25 04:59:15 |
David Planella |
ubuntu-terminal-app: importance |
Undecided |
High |
|
2014-07-25 16:54:34 |
David Planella |
description |
Ubuntu Touch will soon have the ability to set a PIN/password for the user. If the password is set, we should limit access to the terminal and the filemanager to guard against sideloading apps when lending a phone to someone who does not know the PIN/password.
For the terminal, we should unconditionally require the screenlock password when one is set on application launch.
For the file manager, we should allow passwordless access to MTP-exported directories, and require the screenlock password when one is set when accessing non-MTP-exported directories. This can be implemented as a button (or similar): 'Show all files' which when clicked should prompt for the password (if set). 'Show all files' should not be remembered between application invocations.
IMPORTANT: this only covers a very limited set of attack scenarios, but does guard against casual trojanning when lending a phone to a stranger. Notably, it does not cover sideloading via adb.
FYI, these changes are required for RTM, so I added the appropriate tag. The Importance should be at least 'High'. |
Ubuntu Touch will soon have the ability to set a PIN/password for the user. If the password is set, we should limit access to the terminal and the filemanager to guard against sideloading apps when lending a phone to someone who does not know the PIN/password.
For the terminal, we should unconditionally require the screenlock password when one is set on application launch. See https://ubuntu.mybalsamiq.com/projects/ubuntuphonecoreapps/Terminal%20security
For the file manager, we should allow passwordless access to MTP-exported directories, and require the screenlock password when one is set when accessing non-MTP-exported directories. This can be implemented as a button (or similar): 'Show all files' which when clicked should prompt for the password (if set). 'Show all files' should not be remembered between application invocations.
IMPORTANT: this only covers a very limited set of attack scenarios, but does guard against casual trojanning when lending a phone to a stranger. Notably, it does not cover sideloading via adb.
FYI, these changes are required for RTM, so I added the appropriate tag. The Importance should be at least 'High'. |
|
2014-07-25 17:15:22 |
Jamie Strandboge |
bug |
|
|
added subscriber Seth Arnold |
2014-07-29 21:42:23 |
Arto Jalkanen |
ubuntu-filemanager-app: importance |
High |
Critical |
|
2014-07-31 08:17:10 |
David Planella |
ubuntu-terminal-app: importance |
High |
Critical |
|
2014-08-01 12:46:47 |
David Planella |
ubuntu-filemanager-app: assignee |
|
Arto Jalkanen (ajalkane) |
|
2014-08-05 09:30:05 |
David Planella |
branch linked |
|
lp:~ajalkane/ubuntu-filemanager-app/require-screenlock-password |
|
2014-08-08 07:54:17 |
David Planella |
branch linked |
|
lp:~ubuntu-filemanager-dev/ubuntu-filemanager-app/require-screenlock-password |
|
2014-08-08 07:54:26 |
David Planella |
branch unlinked |
lp:~ajalkane/ubuntu-filemanager-app/require-screenlock-password |
|
|
2014-08-15 05:58:40 |
Ubuntu Phone Apps Jenkins Bot |
ubuntu-filemanager-app: status |
Triaged |
Fix Committed |
|
2014-08-16 07:51:59 |
David Planella |
branch linked |
|
lp:~ubuntu-terminal-dev/ubuntu-terminal-app/require-password-screenlock |
|
2014-08-29 15:17:19 |
Alan Pope πΊπ§π± π¦ |
branch linked |
|
lp:~twstd-dev/ubuntu-terminal-app/require-password-check |
|
2014-08-29 15:17:41 |
Alan Pope πΊπ§π± π¦ |
branch unlinked |
lp:~ubuntu-terminal-dev/ubuntu-terminal-app/require-password-screenlock |
|
|
2014-09-04 00:06:20 |
Ubuntu Phone Apps Jenkins Bot |
ubuntu-terminal-app: status |
Triaged |
Fix Committed |
|
2014-09-09 14:15:41 |
Alan Pope πΊπ§π± π¦ |
ubuntu-filemanager-app: status |
Fix Committed |
Fix Released |
|
2014-09-09 14:15:47 |
Alan Pope πΊπ§π± π¦ |
ubuntu-terminal-app: status |
Fix Committed |
Fix Released |
|