5388cf396e
More info: https://bugzilla.redhat.com/show_bug.cgi?id=585394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172 dbus-glib was not properly enforcing the 'access' permissions on object properties exported using its API. There were 2 specific bugs: 1) dbus-glib did not enforce the introspection read/write property permissions, so if the GObject property definition allowed write access (which is sometimes desirable), D-Bus clients could modify that value even if the introspection said it was read-only 2) dbus-glib was not filtering out GObject properties that were not listed in the introspection XML. Thus, if the GObject defined more properties than were listed in the introspection XML (which is also often useful, and MM uses this quite a bit) those properties would also be exposed to D-Bus clients. To fix this completely, you need to: 1) get dbus-glib master when the patch is commited, OR grab the patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and build a new dbus-glib 2) rebuild ModemManager against the new dbus-glib
ModemManager. The problem ModemManager tries to solve is to provide a unified high level API for communicating with (mobile broadband) modems. While the basic commands are standardized, the more advanced operations (like signal quality monitoring while connected) varies a lot. Using. ModemManager is a system daemon and is not meant to be used directly from the command line. However, since it provides DBus API, it is possible to use 'dbus-send' command to control it from the terminal. There's an example program (tests/mm-test.py) that demonstrates the basic API usage. Implementation. ModemManager is a DBus system bus activated service (meaning it's started automatically when a request arrives). It is written in C. The devices are queried from HAL and automatically updated based on hardware events. There's a GInterface (MMModem) that defines the modem interface and any device specific implementation must implement it. There are two generic MMModem implementations to support the basic operations (one for GSM, one for CDMA,) which are common for all cards. Plugins. Plugins are loaded on startup, and must implement the MMPlugin interface. It consists of a couple of methods which tell the daemon whether the plugin supports a HAL UDI and to create custom MMModem implementations. It most likely makes sense to derive custom modem implementations from one of the generic classes and just add (or override) operations which are not standard. There's a fully working plugin in the plugins/ directory for Huawei cards that can be used as an example for writing new plugins. Writing new plugins is highly encouraged! API. The API is open for changes, so if you're writing a plugin and need to add or change some public method, feel free to suggest it!