
Re: [E-devel] Suspend functionality for Entrance



On Fri, 25 Aug 2006 06:55:16 +0900
Carsten Haitzler (The Rasterman) <raster@rasterman.com> wrote:

> On Thu, 24 Aug 2006 20:51:19 +0100 Essien Ita Essien <essiene@datavibe.net>
> babbled:
> 
> > Eugen Minciu wrote:
> > > On Thu, 24 Aug 2006 18:08:52 +0000
> > > Hannes Janetzek <rastamasta@gmx.de> wrote:
> > >
> > > This sounds good too. It would be even better as a module, I think. I'm
> > > waiting for some other opinions on this subject and if other people agree,
> > > I'll try to start writing it in a few days. 
> > For what it's worth, this is my 2cents take on this:
> > 
> > The ability to suspend is good from inside E, from Entrance and also 
> > from Desklock. There are times when you want to suspend at any of those 
> > points. My thinking is that this functionality should be available 
> > centrally for anyone (any app) to use. This means a library that is in 
> > one of the core EFL, like an Ecore_System [ecore_system_suspend(...), 
> > ecore_system_reboot(...), ecore_system_wtf(!) ;) etc]? I dunno. If that 
> > were done, it would be highly trivial to add the functionality to any 
> > point... even if you wanted to suspend from irssi while poking your 
> > tongue at raster ;)
> > 
> > So I'll say, probably go ahead and start with the module. But try to 
> > make the core easy to reuse, then we'll find a way to *lobby* that 
> > functionality into EFL main :)
> 
> i agree - it's useful in all places. in reality - most suspend systems use a
> script or command to initiate the suspend. the ONLY thing we need to do, is
> execute this script/command as root. i don't think we need an api - but what we
> DO need is to have a standard way to find what the name of this script is.
> 
> in unix "shutdown -h now" and "shutdown -r now" or "halt" or "reboot" are
> standard commands we can just blindly execute. we need to have people to
> research and share their findings on all the ways there are to:
> 
> suspend to ram
> suspend to disk
>

There's:
- uswsusp (s2disk, s2ram, s2both), 
- apm -z, 
- acpi, which defines events and actions, so anything could be used
- swsusp2 (hibernate) 

Not only are there many choices for such an option, but they're rather heterogeneous as well. Indeed you need a single application to call suspend to disk or suspend to ram regardless of the actual system used. 

Such an app just begs for plugins (there are only a few things it needs to do, check_susp2ram, check_susp2disk, check_local_user, susp2ram, susp2disk is all I can think of). 

The application can just check all the plugins for support and decide on which method it would be best to use. You could also only check for support for some of these methods, defined through a config.

The problem with this comes from the fact that APM (for example, there may be others) doesn't, from what I've read, provide any means of knowing whether suspend will actually work. 

Of course, it can be argued that this is not our problem to begin with and all we need to do is call suspend and let other people worry about whether it works or not, but it would be better if we could know this to prevent the user from an unintentional failure.

> i don't think this should go into ecore - it means shipping suid root binary
> tools in a shared lib to do this. i would leave it up to entrance (it is
> already root) to choose if it allows a user to do this (config options for
> security) and then do it - for e, it actually wouldn't be useful as a module -
> it would be core code - using a suid root binary util to do the footwork. e
> also needs to wrap shutdown and reboot too this way and it actually is a todo
> item.
 
> the problem now comes - how are we going to solve the security issue. having
> this binary around at all means any user on the system can halt, reboot,
> suspend etc. it (in fact they can already be a little evil and speedstep the
> cpu up and down without needing root - cpufreq comes with a util bin to do
> this). basically we need to know that the user is ACTUALLY logged into the
> console (not remotely via ssh)
> 
> i.e.
> 
> [  6:43AM ~ ] who
> raster   pts/0        2006-08-25 06:24 (:0.0)
> raster   pts/1        2006-08-25 06:27 (:0.0)
> raster   pts/2        2006-08-25 06:43 (:0.0)
> bob      pts/3        2006-08-25 06:43 (localhost.localdomain)
>

Personally I think we're better off just leaving it non-suid and letting people use sudo or whatever method they choose. It's up to the distribution/packager to turn it into an SUID if this is desired. It just needs to be coded carefully though.

I wanted to make two binaries (one that checks for support (no privs required I hope), one that actually suspends (privs required)). I would then use empower to call the suspend utility from within my module.

> we can see raster here is logged on at the console (:0.0 or :1.0 or :0.1 etc.)
> but bob is logged in from another system (i ssh'd into myself). we need a good
> way to check that the uid who is spawning the suid root util is logged in on
> the console - otherwise deny access.
> 
> we could execute "who" and parse the output - is this acceptable? is who as
> universal as i think? who itself opens /var/run/utmp (or /var/run/utmpx) and
> parses it itself. doing it ourselves may be a little faster and more efficient,
> but we don't need to do this very often (when you change cpufreq governor or
> manually change cpu frequency or you ask to shutdown, reboot or suspend). if we
> don't diy then we need to contend with parsing - if the output differs.
> 
> so a who -m should do:
> 
> raster   pts/0        2006-08-25 06:24 (:0.0)
> 
> (ie the current user associated with stdin)
> 
> simply parse that 1 liner - look for the (...something...) and if that starts
> with localhost, :, 127.0.0.1, then we know the user is logged in locally or
> from locally and we can approve the action.
> 
Personally, this idea doesn't seem like the right thing to do. You're basically just adding an extra layer of security (which seems a bit flaky imho), when in fact you should let the system worry about its own security (as is the case with shutdown or reboot).

IIRC pam allows an admin to restrict certain commands to local users only. So I'm not sure we should be the ones doing this.

> now - back to if it should be in ecore - no, as entrance doesn't need this
> convoluted check system - just exec a command. only e needs it.
> 
> > Cheers,
> > Essien
> > >   
> > >   
> > >> On Thu, 24 Aug 2006 18:43:58 +0300
> > >> Eugen Minciu <minciue@gmail.com> wrote:
> > >>
> > >>     
> > >>> Hi,
> > >>>
> > >>> I'd like to add functionality for a 'suspend to disk' feature in
> > >>> Entrance, on Linux boxes. Right now, I'd like to allow this using
> > >>> uswsusp, which is the easiest to set up (it does require a very new
> > >>> Linux kernel version though). Of course, it should also be easy to
> > >>> setup for swsusp2. 
> > >>>
> > >>> Suspend to RAM could also be used with uswsusp, though I'm not sure
> > >>> about swsusp2.
> > >>>
> > >>> Also, I'm not aware of 'suspend to whatever' status in FreeBSD or any
> > >>> other supported operating systems at the moment.
> > >>>
> > >>>       
> > >> Hm, I don't think entrance would be the best place for this
> > >> functionality, since suspend is normally used to resume to all open
> > >> applications in their current state. 
> > >>
> > >> But a module would be really nice :) I thought about doing such a
> > >> module. With config for what should happen on acpi events like
> > >> lid-open/close, etc, etc..
> > >>
> > >> If you start making a module, I could do the suspend2 stuff, since it is
> > >> the only method that works for me.
> > >>
> > >>
> > >> Regards,
> > >> Hannes 
> > >>
> > >>   
> > >>
> > >>
> > >>     
> > >>> So as I see it right now, I should code the following.
> > >>>
> > >>> 1) Check to see whether the OS supports suspend to ram or suspend to
> > >>> disk.
> > >>> 2) Add two callbacks for each of the operations.
> > >>> 3) Display two buttons for this functionality. In fact it could even
> > >>> be 3 buttons as uswsusp can suspend to both at the same time.
> > >>>
> > >>>
> > >>> Or maybe we shouldn't even bother with extra buttons
> > >>> maybe the user should see a menu, or maybe he should be allowed to
> > >>> select a 'default mode of operation', where, if he chooses so, the
> > >>> power off button would suspend to hard-drive, or to RAM.
> > >>>
> > >>> I'm waiting on your opinion regarding this entire thing. Also, I
> > >>> can't do any graphical stuff (clueless) so if you guys decide you
> > >>> want me to do this, I can't be of any help with the graphics.
> > >>>
> > >>> Cheers,
> > >>> Eugen.
> > >>>
> > >>> -------------------------------------------------------------------------
> > >>> Using Tomcat but need to do more? Need to support web services,
> > >>> security? Get stuff done quickly with pre-integrated technology to
> > >>> make your job easier Download IBM WebSphere Application Server
> > >>> v.1.0.1 based on Apache Geronimo
> > >>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > >>> _______________________________________________ enlightenment-devel
> > >>> mailing list enlightenment-devel@lists.sourceforge.net
> > >>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> > >>>
> > >>>       
> 
> 
> -- 
> ------------- Codito, ergo sum - "I code, therefore I am" --------------
> The Rasterman (Carsten Haitzler)    raster@rasterman.com
> 裸好多
> Tokyo, Japan (東京 日本)
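
The `who -m` check described in the quoted mail (take the parenthesised origin field and approve it if it starts with `localhost`, `:` or `127.0.0.1`), written out as an added example that is not part of the original thread or of any Enlightenment code. The function names are hypothetical, and denying a line that has no origin field is an assumption made here so the check fails closed.

```c
#include <stdio.h>
#include <string.h>

/* Prefixes the mail proposes to treat as "logged in locally". */
static const char *const local_prefixes[] = { "localhost", ":", "127.0.0.1" };

/* Copy the text between the last '(' and its ')' into out.
 * Returns 0 on success, -1 if there is no such field or it does not fit. */
static int who_origin(const char *line, char *out, size_t outlen)
{
    const char *open = strrchr(line, '(');
    const char *close = open ? strchr(open, ')') : NULL;
    size_t len;

    if (!open || !close) return -1;
    len = (size_t)(close - open - 1);
    if (len == 0 || len >= outlen) return -1;
    memcpy(out, open + 1, len);
    out[len] = '\0';
    return 0;
}

/* 1 = approve, 0 = deny. Assumption (not from the thread): a line with no
 * parsable origin field is denied. */
int who_line_is_local(const char *line)
{
    char origin[256];
    size_t i;

    if (!line || who_origin(line, origin, sizeof origin) != 0) return 0;
    for (i = 0; i < sizeof local_prefixes / sizeof local_prefixes[0]; i++)
        if (strncmp(origin, local_prefixes[i], strlen(local_prefixes[i])) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* First two lines are from the mail; the last two are constructed. */
    const char *samples[] = {
        "raster   pts/0        2006-08-25 06:24 (:0.0)",
        "bob      pts/3        2006-08-25 06:43 (localhost.localdomain)",
        "carol    pts/4        2006-08-25 06:50 (host.example.org)",
        "dave     tty1         2006-08-25 06:51",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-7s %s\n", who_line_is_local(samples[i]) ? "approve" : "deny", samples[i]);
    return 0;
}
```

With the mail's own sample lines, both raster's `(:0.0)` entry and bob's ssh session from `(localhost.localdomain)` are approved, in line with the mail's "logged in locally or from locally". The rule decides on the origin string alone.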