Does antitheft.py in olpcrd ever do anything?
dsd at laptop.org
Mon May 4 13:54:41 EDT 2009
2009/5/4 Martin Langhoff <martin.langhoff at gmail.com>:
> Today I've been working through the olpcrd and the OATC code, new
> keyjector, etc. Quite interesting read.
> One of the interesting things is: our "init" is antitheft.py, which
> checks for existing activation, registers signal handlers to deal with
> zombies, and then ... and sleeps. The sleep is heralded by a "do OATC
> stuff" comment.
> As far as I can see, it hasn't setup any other signal handler, it's
> not listening to any kernel event (inotify, etc). It is truly
> sleeping. Is there anything I am missing?
I don't think so. As far as I'm aware, it does nothing, but there were
probably plans for implementing some things later. I don't know
exactly what is pending or the reasons behind the design decision,
Scott is probably a good person to ask nicely...
> Frankly, I don't think we gain much from having a "smart" init past
> the init phase. The flow I am envisioning is as follows:
> - Let antitheft.py sleep, or let it exec a real lightweight init
> (assuming it releases memory).
> - Take advantage of the NetworkManager event called on ifup. When we
> associate successfully to a network, if we haven't gotten a lease
> recently, and the network looks like it may have a XS, request one.
> - If we get a new lease, validate it and save it as
> /security/lease.sig . We have the option here of being paranoid about
> DoS via OATC and writing it out to /security/new-lease.sig , to be
> re-validated and formally installed in the next boot. I don't think
> it's worthwhile.
> - If we get a STOLEN, shut down immediately.
> What do we miss, if we compare this with an 'OATC-checking init' model?
> - If you have root, it's easy to remove the NM script, whereas
> fiddling with init is pretty hard. However, even if you remove the NM
> hooks, the checks are performed on boot.
No they aren't. Or does your proposal include adding such checks during boot?
> - If the lease runs out while the machine is running, the next check
> is at reboot time.
> In any case, the XO has been rendered quite useless as it'll only run
> until it's rebooted...
> Why do I want to add logic in the NM hooks and not in the pythonesque
> init? A simple lightweight init is a good thing, and simple scripts
> from NM are easily made failsafe -- getting init to listen to NM
> events, establish network connections, etc is a fairly treacherous
> martin.langhoff at gmail.com
> martin at laptop.org -- School Server Architect
> - ask interesting questions
> - don't get distracted with shiny stuff - working code first
> - http://wiki.laptop.org/go/User:Martinlanghoff
> Devel mailing list
> Devel at lists.laptop.org
More information about the Devel