Main Inclusion Report for sl-modem into restricted

NOTE that this package is NOT FREE SOFTWARE and should not go in main. This article is a report on its suggested promotion from multiverse to restricted.

Introduction

sl-modem is a binary-only implementation of V.90 et al which runs in userspace on the host CPU. Given a suitable softmodem (one which is supported by the kernel's sound drivers) this provides a tty interface to the modem which can be used for dialup networking.

The package is known upstream as "slmodem" or "Smart Link Soft Modem for Linux"; the supported hardware is known as "Alsa modems", "AC97-like modems", or "HAMR" or "AMR/CNR/MDC/ACR".

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/multiverse/s/sl-modem; available for i386 only.

2. Rationale:

   • Including this package in restricted will provide support for a large proportion of winmodems as specified in Out of the box winmodem support, a spec targeted for feisty.

3. Security:

   • I can find no record of any at all relevant vulnerabilities documented anywhere, having looked for various search terms including "modem", "soft modem" (where phrase searching is supported), smartlink, sl-modem, slmodem, sl-modem-daemon, at CVE, Secunia and with Google.
   • The lack of vulnerability information probably reflects the lack of source for the core of the program rather than a lack of vulnerabilities.

   • The principal content of the package is a daemon slmodemd which starts as root. This daemon contains a substantial chunk of code provided by upstream only as a .o file (1.2Mby). This daemon is exposed to incoming Vxx modem signals, and of course it carries application data which the various modem standards are expected to compress; at least some of the compression code is provided in source code form.

   • If the user chooses to use the package to dial out, this daemon is exposed to large quantities of untrusted and untrustworthy network data.
   • In upstream the daemon runs as root throughout its entire lifetime. Since there does not seem to be any particularly good reason for this, we have modified the ubuntu package in 2.9.10+2.9.9d+e-pre2-5ubuntu1 to have slmodemd drop privileges to a private user/group after startup and before any untrusted modem or tty data is processed.

   • I (iwj) have briefly reviewed the structure of the sl-modem source package and it seems reasonable. I have also done an ad-hoc review of a couple of bits of the source code that were provided (handling of at_cmd by modem/*.c) and the code seems of reasonable quality.

4. Quality assurance:

   • When this package is installed on a system with this kind of modem, dialup support is automatically available via a new modem port. The default configuration has the following known deficiencies:

     1. It is apparently necessary to run sudo dpkg-reconfigure sl-modem-daemon -plow to allow the system to capture the nationality of the local telephone system. This is documented at https://help.ubuntu.com/community/DialupModemHowto/AlsaModem.

     2. Pulse dialling does not seem to work reliably with this softmodem, in my tests. I think the default should be changed to tone dialling for all dialup networking; this is a change to be made in another package (package TBD).

     3. It is necessary to enter the magic string /dev/ttySL0 in the network settings. However, this is no worse than existing dialup support which likewise requires the user to specify the tty to use.

     4. Dialup network configuration does not work correctly with ppp at the moment because the ppp/peers/ppp0 file created does not say noauth. This is a bug which affects all existing dialup support and should be fixed for feisty.

     5. User requests to initiate and close down the network, are done via network-manager. Unfortunately the progress and error reporting for dialup networking are hopelessly inadequate - for example, the user must read an obscure logfile, and it is necessary to select "disconnect" after a failed attempt, before selecting "connect". This is not specific to sl-modem based dialup, however.
   • This package does not ask any debconf questions with priority higher than medium; the question about the country is only asked during dpkg-reconfigure as described above.

   • Debian bugs: none of any significant interest.

   • Maintenance in Debian is pretty active.

   • Upstream's most recent upload appears to be from mid-February. Unfortunately upstream don't seem to have a proper home page or bug tracker.

   • Hardware: This package supports alsa-supported softmodems, which are the most common kind of softmodem. The kernel support is provided by appropriate alsa "soundcard" drivers which are already included in feisty main/restricted.

5. Standards compliance:

   • The packaging is quite simple and appears to comply with FHS and Debian policy.
   • A single udev rule is provided to start the slmodemd when an slusb device is detected. I have not been able to test this as I don't have a relevant USB-based softmodem. As I understand it the majority of softmodems are built-in rather than USB.
   • There are no libraries in this package. The package does not use a patch system. The debian/rules is evidently based on a debhelper-using template and doesn't look unreasonable on a cursory glance.

6. Dependencies:

   • The build-dependencies are all in main.
   • sl-modem-daemon.deb's dependencies are all in main.
   • There is an additional binary package, sl-modem-source, which IMO we do not need to support. It depends on module-assistant from universe.

7. Freedom:

   • This package is not free software so in accordance with the Ubuntu license policy, a separate decision will need to be taken (or, if it has already been taken, restated here) regarding whether this support is sufficiently important to include the package in restricted.

Reviewers

MartinPitt: approved