Unix FD Passing
Havoc Pennington
havoc.pennington at gmail.com
Wed May 20 15:23:10 PDT 2009
Hi,
On Wed, May 20, 2009 at 6:08 PM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
>
> Qt should verify the types more closely before it does this. Trying to
> do generic code like that is doomed to fail anyway: don't try to
> generically handle data you don't understand. Simply because of
> security reasons: after all this is untrusted data. You need to know
> what you are touching.
Qt did know what it was touching, given the API guarantees of libdbus,
which promised that if is_fixed() you could use the get_fixed_array().
We're the ones breaking compat here.
I think Thiago's suggestion is an interesting one, to have feature levels.
dbus_connection_set_feature_level(connection, DBUS_FEATURE_LEVEL_1);
Though, we have the same old problem that it's a global property of a
connection that may have multiple bindings using it - sort of like the
"who sets up the main loop" problem. Given that feature levels would
have to be set before the connection was used (before auth), it's
tough to see much way around this, other than whoever sets up the
feature level (presumably the app, maybe the desktop framework) just
has to know which bindings it's allowing/using and what they support.
Havoc
More information about the dbus
mailing list