[maemo-developers] Security Guidance for N800 OS development

From: Gustavo Sverzut Barbieri barbieri at gmail.com
Date: Wed Feb 21 22:35:32 EET 2007
On 2/20/07, Marius Gedminas <marius at pov.lt> wrote:
> On Mon, Feb 19, 2007 at 09:00:18PM +0000, Dave Cridland wrote:
> > If you're running network daemons on the device, you deserve
> > everything you get, of course, but even then, there's plenty of
> > documents and guides.
>
> Canola comes with a network daemon.  It listens on 127.0.0.1:9000 (the
> configuration web server, inaccessible from outside unless you check
> some checkbox) and on port 0.0.0.0:39500 (no idea why, but I can telnet
> to this port from outside).


Just to be clear:

   - canola-conf listens on 127.0.0.1:9000 (can be changed using
GConf), it's a webserver that serves HTML, JS, ... it's written using
libsoup and actions (/actions/ClassName/{get,set}_data and
/actions/ClassName/get_presentation) are written in C, for objects that
implement the CnlIConfigure interface, so far I wrote them all. I'm still
not aware of any buffer overflow that could compromise the device.
Worth remembering that it runs as "user", not root.
   - canola listens on 0.0.0.0:39500 (tcp), 0.0.0.0:39400 and
0.0.0.0:1900 (udp) due to the CLinkC/UPnP library, it's provided by Nokia and
also used by Media Streamer.

Canola-Conf is started at boot time and can be started using DBus
activation by Canola or Applet, it stays up and running (actually,
sleeping) all the time, monitoring MMC using GnomeVFS and doing rescan
when something changes. It also serves as a webserver as explained
above.

-- 
Gustavo Sverzut Barbieri
--------------------------------------
Jabber: barbieri at gmail.com
   MSN: barbieri at gmail.com
  ICQ#: 17249123
 Skype: gsbarbieri
Mobile: +55 (81) 9927 0010
 Phone:  +1 (347) 624 6296; 08122692 at sip.stanaphone.com
   GPG: 0xB640E1A2 @ wwwkeys.pgp.net
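
An added example, not part of the original message or of Canola's code: a small auditor that decodes `/proc/net/tcp` and `/proc/net/udp` style tables and separates loopback-only listeners (like 127.0.0.1:9000) from sockets bound to 0.0.0.0 (like 39500/tcp, 39400/udp and 1900/udp). The sample rows and the uid are constructed, and the decoder assumes a little-endian host.

```python
import socket
import struct

# Constructed sample rows in /proc/net/tcp and /proc/net/udp layout (not
# captured from a device). Ports are the ones named in the message above.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 0100007F:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000
   1: 00000000:9A4C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000
   2: 0100007F:2328 0100007F:C001 01 00000000:00000000 00:00000000 00000000  1000
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 00000000:99E8 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000
   1: 00000000:076C 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000
"""

def decode_addr(field):
    """Turn '0100007F:2328' into ('127.0.0.1', 9000).
    Assumes a little-endian host, where the kernel prints the IPv4 address
    as a host-order 32-bit hex word."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listeners(table, proto):
    """Return (proto, ip, port, scope) for sockets waiting for traffic."""
    # TCP LISTEN is state 0A; unconnected bound UDP sockets show state 07.
    want = "0A" if proto == "tcp" else "07"
    rows = []
    for line in table.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 4 or cols[3] != want:
            continue  # skips established connections and malformed lines
        ip, port = decode_addr(cols[1])
        scope = "loopback" if ip.startswith("127.") else (
            "all-interfaces" if ip == "0.0.0.0" else "specific")
        rows.append((proto, ip, port, scope))
    return rows

def exposed(rows):
    """Sockets reachable from other hosts: anything not bound to loopback."""
    return sorted((proto, port) for proto, _ip, port, scope in rows
                  if scope != "loopback")

if __name__ == "__main__":
    found = listeners(SAMPLE_TCP, "tcp") + listeners(SAMPLE_UDP, "udp")
    for row in found:
        print(row)
    print("reachable off-device:", exposed(found))
```

On a device, pass the contents of the real `/proc/net/tcp` and `/proc/net/udp` files to `listeners()` in place of the constructed samples.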
