ftp.nice.ch/pub/next/tools/workspace/Broadcast.README

This is the README for Broadcast.1.0.s.tar.gz [Download] [Browse] [Up]

Broadcast.daemon & displaymsg
by Gary Ritchie
Copyright (c) 1993 by NightShade Software.
Version 1.0: January 13, 1993


What the heck are these things?

These two programs let you pop-up a panel containing a message, on a system where someone else is logged in to the Workspace.  The user does NOT have to have public window server on.  These programs require NeXTSTEP 3.0.

Why would I want to do this?

Possible uses include:

X broadcasting a message to several machines to inform people that the network is going down (the building is on fire, aliens are landing, whatever)

X getting someone's attention when you want to "talk" to them and they aren't running a terminal

X really annoying someone who probably has important work to do

How does this work?  It sounds like a security hole.

Yup, it is.  The Broadcast.daemon is run every time a user logs in, and has full access to the Window Server no matter what the setting of Public Window Server in Preferences.  Broadcast.daemon has a public port through which displaymsg sends it a message telling it to display a panel.

Anyone having a copy of displaymsg configured with the same public port as your copy of Broadcast.daemon can pop-up panels on your display, even across the Internet.

To reduce this problem, I recommend that you create custom versions of these programs for your site, with your own "secret" public port name.  I tell how to do this below.  This isn't a giant security hole, because the Broadcast.daemon program only knows how to display a simple panel, and the user can kill it at any time using the Workspace's Processes panel.

Installation

For the security reasons above, I don't include complied binaries.  You must have a 3.0 development system to compile these.  You need to be root to do a "make install".

First, open the file Headers/shared.h.  There is a line which looks like the following:

//#define BROADCASTPORT "PutYourOwnStringHere"

Delete the two leading slashes, and replace PutYourOwnStringHere with something else.  Don't put spaces or punctuation in this new string.  This is the port name, so it should only be known to the system administrator.  Save the file when done making changes.

The Broadcast.daemon will attempt to install itself into /LocalApps.  If you want to put it elsewhere, open BroadcastDaemon/Makefile and change the DEST variable.

Open a terminal window, and cd to the BroadcastDaemon directory.  Then type make install.  This will compile and install Broadcast.daemon.

The displaymsg program will attempt to install itself in /usr/local/bin.  If you want to put it elsewhere, open displaymsg/Makefile and change the DEST variable.

Change into the displaymsg directory and type make install.

By default, the displaymsg program can be executed by anyone.  You may want to limit it to use by root by typing:

chown root /usr/local/bin/displaymsg
chmod 0700 /usr/local/bin/displaymsg

Now, each user who wants to see messages broadcast by displaymsg must launch Broadcast.daemon once.  It will install itself in the user's defaults the first time it is run, and will be launched automatically whenever the user logs in from then on.

Using displaymsg

To display the message "Run for your life" on the local machine, type:

	displaymsg "Run for your life"

Note the quotes around the message.

To say hi to someone on the machine mynext@somewhere.com, type:

	displaymsg "Hi, how's it going?" mynext@somewhere.com

Deinstallation

Delete /usr/local/bin/displaymsg and /LocalApps/Broadcast.daemon.  Each user must then remove the daemon from the LaunchPath default for Workspace; this is easiest to do with something like DefaultMgr.app.  Note that there may be other Workspace daemons using this default, so don't just delete the whole default.

Warranty

None, absolutely none.  Use at your own risk.  Let me know what bugs you find.  Workspace daemons are completely undocumented as far as I can see, so I may be breaking all sorts of NeXT rules by using them.  For all I know I have created the first NeXTSTEP virus.  It does seem to screw up the Workspace's Process panel quite frequently.

This source code is in the public domain.  You may modify and reuse it, but not sell it.  Please credit the original author if you create modified versions.

Gary Ritchie
gary@niagara.ucs.ualberta.ca

These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.