Disabling new D-Bus protocol features by default

Thiago Macieira thiago at kde.org
Mon Nov 8 23:33:02 PST 2010 

On Tuesday, 9 de November de 2010 02:07:16 Lennart Poettering wrote:
> Supporting this per-connection will not work. If at all you need to make
> this a per-filter flag. But I personally I believe that applications
> which cannot deal with the data they receive should be fixed. It is
> always a problem if apps choke if somebody sends them a different data
> type then they expect. And whether that unexpected data type a classic
> type, or a new one, doesn't really matter here. 

You know, the code that is broken here is our own: libdbus-1. It disconnects 
when a new type is received. So a D-Bus 1.4 client cannot talk to a D-Bus 1.2 
client. That's why you added the negotiation feature in the first place, 
remember?

> People must validate the data they receive. While D-Bus already does a
> lot of work (too much I believe) for them, ultimately matching up the
> function signatures to the messages received is a job for the app
> itself.

Now we know that new types can be added, so new code will probably be written 
to accommodate this. I'm not so sure of existing code, since there was no hint 
in the spec that new types could ever be added. So this existing code might be 
assuming it knows of all possible types and might throw a fit when a new type 
comes into existence.

Then there's also the problem of variants: the new type might "leak through" 
to upper layers of the code.

> (Besides that I detest flag-style fields in APIs. It's bad style. Just
> add proper boolean flags.)

(You're trying to bait me)

> Can you point us to actual problem reports for this?

Right now, only theoretical. I might be splitting hairs here, but I'm trying 
to fix this before it becomes a real problem.

Crashing ConsoleKit, PolicyKit, Hal, Avahi or other system services from a 
non-privileged connection sounds serious to me.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20101109/51294597/attachment.pgp>

More information about the dbus mailing list