Does antitheft.py in olpcrd ever do anything?

Daniel Drake dsd at laptop.org
Mon May 4 13:54:41 EDT 2009


2009/5/4 Martin Langhoff <martin.langhoff at gmail.com>:
> Today I've been working through the olpcrd and the OATC code, new
> keyjector, etc. Quite interesting read.
>
> One of the interesting things is: our "init" is antitheft.py, which
> checks for existing activation, registers signal handlers to deal with
> zombies, and then ... and sleeps. The sleep is heralded by a "do OATC
> stuff" comment.
>
> As far as I can see, it hasn't setup any other signal handler, it's
> not listening to any kernel event (inotify, etc). It is truly
> sleeping. Is there anything I am missing?

I don't think so. As far as I'm aware, it does nothing, but there were
probably plans for implementing some things later.  I don't know
exactly what is pending or the reasons behind the design decision,
Scott is probably a good person to ask nicely...

> Frankly, I don't think we gain much from having a "smart" init past
> the init phase. The flow I am envisioning is as follows:
>
>  - Let antitheft.py sleep, or let it exec a real lightweight init
> (assuming it releases memory).
>
>  - Take advantage of the NetworkManager event called on ifup. When we
> associate successfully to a network, if we haven't gotten a lease
> recently, and the network looks like it may have a XS, request one.
>
>  - If we get a new lease, validate it and save it as
> /security/lease.sig . We have the option here of being paranoid about
> DoS via OATC and writing it out to /security/new-lease.sig , to be
> re-validated and formally installed in the next boot. I don't think
> it's worthwhile.
>
>  - If we get a STOLEN, shut down immediately.
>
> What do we miss, if we compare this with an 'OATC-checking init' model?
>
>  - If you have root, it's easy to remove the NM script, whereas
> fiddling with init is pretty hard. However, even if you remove the NM
> hooks, the checks are performed on boot.

No they aren't. Or does your proposal include adding such checks during boot?

>  - If the lease runs out while the machine is running, the next check
> is at reboot time.
>
> In any case, the XO has been rendered quite useless as it'll only run
> until it's rebooted...
>
> Why do I want to add logic in the NM hooks and not in the pythonesque
> init? A simple lightweight init is a good thing, and simple scripts
> from NM are easily made failsafe -- getting init to listen to NM
> events, establish network connections, etc is a fairly treacherous
> thing.
>
> cheers,
>
>
>
> martin
> --
>  martin.langhoff at gmail.com
>  martin at laptop.org -- School Server Architect
>  - ask interesting questions
>  - don't get distracted with shiny stuff  - working code first
>  - http://wiki.laptop.org/go/User:Martinlanghoff
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>



More information about the Devel mailing list