[BitPim-devel] USB Port Auto Notification to BitPim

Discussion:

Joe Pham

2006-08-15 01:25:35 UTC

I plan to implement a BitPim feature that provides automatic
notification to BitPim of USB devices being connected/disconnected.
This feature allows BitPim to auto-detect phones being connected to a
PC running Linux (Windows PCs already have this feature available).
The approach is to use Linux Hotplug feature and let one BitPim
process notifies the other (main) BitPim process of USB devices being
added/removed. For IPC, I plan to use XMLRPC for one BitPim to talk
to the other. D-BUS or HAL protocol, once matured, would probably
provide a more graceful implementation (and when we decide to move
off RH9). Thoughts or comments?

-Joe Pham

_____________________________________________________________________
PrivatePhone - FREE telephone number & voicemail.
A number so private, you can make it public.
http://www.privatephone.com

Roger Binns

2006-08-15 03:57:25 UTC

Permalink

For IPC, I plan to use XMLRPC for one BitPim to talk to the other.

That is a bad idea since it raises all sorts of authentication
and security issues.

D-BUS or HAL protocol, once matured, would probably
provide a more graceful implementation (and when we decide to move
off RH9). Thoughts or comments?

I had looked at them a while back but everything seemed immature. I've
switched to a Linux desktop now and the programs that use dbus/hal work
well.

I'd suggest starting with a separate program that can even figure out
something useful has happened and then work on a communication
mechanism. If the former program has to operate as root then it will be
a bit of a pain.

As for getting of RH9, I think it is reasonable to say that BitPim is
useful on systems being used as desktops. Gaim is an IM client which is
also used on desktops:

http://gaim.sourceforge.net/downloads.php

The only way to pull that off requires using VMWare which I have or
VMWare server which is free. However I need some way of having typing
go to all the VMs at the same time (ie I can type 'make' and have it hit
9 VMs concurrently). Anyone aware of a tool that can do that?

Roger

Aaron M. Ucko

2006-08-15 14:21:28 UTC

Permalink

Post by Roger Binns
The only way to pull that off requires using VMWare which I have or
VMWare server which is free. However I need some way of having typing
go to all the VMs at the same time (ie I can type 'make' and have it hit
9 VMs concurrently). Anyone aware of a tool that can do that?

If you can arrange for them all to be running sshd, it looks like
http://sourceforge.net/projects/clusterssh/ should be able to take it
from there. (I've never used it myself, though.)

--
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger ***@monk.mit.edu (NOT a valid e-mail address) for more info.

Joe Pham

2006-08-16 02:36:37 UTC

Permalink

That is a bad idea since it raises all sorts of authentication and
security issues.

This is for one BitPim process to notify another BitPim process
within the same host, so I don't think any authentication is
required. Any specific security issues (probably on the server side)
do you have in mind?

I'd suggest starting with a separate program that can even figure
out something useful has happened and then work on a communication
mechanism.

Hotplug would call a script (usbcell), which then calls BitPim to
notify BitPim of the changes.

I'll check in some experimental code that does this for all to play
with it.

-Joe Pham

_____________________________________________________________________
PrivatePhone - FREE telephone number & voicemail.
A number so private, you can make it public.
http://www.privatephone.com

Roger Binns

2006-08-16 03:33:14 UTC

Permalink

Post by Joe Pham
This is for one BitPim process to notify another BitPim process
within the same host, so I don't think any authentication is
required.

So that means *any* other local process can notify the BitPim process?
Which means an external attacker just has to compromise the web server
and then they've got access to BitPim?

Post by Joe Pham
Any specific security issues (probably on the server side)
do you have in mind?

Generally this is done using private named pipes. It is also the case
that the user may have multiple BitPim sessions open (eg one on the
console and another via a VNC session). Typically environment variables
are used with a notifier run in a child process picking the environment
variable to get the pipe name.

Post by Joe Pham
Hotplug would call a script (usbcell), which then calls BitPim to
notify BitPim of the changes.

The problem is that usbcell is going to run as root. How on earth would
it find one (or more) BitPim processes to prod? Howe are you going to
make sure it clobbers the right process or writes to the right file?

As an alternative you may want to use the dnotify extension instead
listening on /dev and /proc/bus/usb. It doesn't specifically matter
which device is new - just have comscan/usbscan look for all devices.

Roger

Roger Binns

2006-08-17 04:56:35 UTC

Permalink

Post by Joe Pham
I'll check in some experimental code that does this for all to play
with it.

I highly disagree with the goals but very strongly disagree on the
implementation. On the technical side it doesn't allow for multiple
users on a machine (eg "fast user switching") and it doesn't allow one
user running multiple instances. The config port setting is rather
useless since the usbcell script will be running bitpim as root and
hence use root's config setting.

Joe Pham

2006-08-17 17:19:52 UTC

Permalink

It is far better to adopt an existing mechanism. {d,i}notify will
work and doesn't require the cooperation of other processes. dbus
already has a mechanism and others have put way more thought into
security.

All good and valid points. Sounds like DBUS or HAL is the way to
go. But AFAIK, neither is at 1.0 yet (which may or may not be an
issue). More importantly, neither is available with the stock RH9,
so that is a consideration. I'll also look into {i,d}notify.

-Joe Pham

_____________________________________________________________________
PrivatePhone - FREE telephone number & voicemail.
A number so private, you can make it public.
http://www.privatephone.com

Roger Binns

2006-08-19 20:06:02 UTC

Permalink

Post by Joe Pham
All good and valid points. Sounds like DBUS or HAL is the way to
go. But AFAIK, neither is at 1.0 yet (which may or may not be an
issue). More importantly, neither is available with the stock RH9,
so that is a consideration. I'll also look into {i,d}notify.

Note that RH9 is only used because binaries from that platform
work on every other current Linux distro. There is no need
for DBUS/HAL to actually work on RH9 - they just have to be
able to compile.

Roger