Unix FD Passing
Thiago Macieira
thiago at kde.org
Wed May 20 15:40:17 PDT 2009
Lennart Poettering wrote:
>> It's basically a loop around a DBusMessageIter until it returns false:
>> if the element is a basic type, it uses dbus_message_iter_get_basic
>> and dbus_message_iter_append_basic. If the element is an array and its
>> type is of fixed size, it uses dbus_message_iter_get_fixed_array and
>> dbus_message_iter_append_fixed_array. Otherwise, it enters the element
>> and recurses.
>
>Qt should verify the types more closely before it does this. Trying to
>do generic code like that is doomed to fail anyway: don't try to
>generically handle data you don't understand. Simply because of
>security reasons: after all this is untrusted data. You need to know
>what you are touching.
Not my fault.
This is exactly the suggested code in:
http://dbus.freedesktop.org/doc/dbus/api/html/group__DBusMessage.html#g580376979e156abe06bbb3ccc3fc6d4c
If the API says I can do that, then we shouldn't make liars out of us.
In any case, I think that explicitly enabling the feature in libdbus is
the safe way to go.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freedesktop.org/archives/dbus/attachments/20090521/53bf37e4/attachment.pgp
More information about the dbus
mailing list