XML Desktop config files (was: Re: Tons of questions. And some patches

Dr. Juergen Pfennig info at j-pfennig.de
Tue Jan 27 08:38:06 GMT 2004


On Monday 26 January 2004 22:10, Tobias Koenig wrote:

> Hmm, are you sure the enterprise functionality of KDE will consists of
> exchanging .desktop files?

Hi Tobias,
you are 100% wrong here - I am convinced. In an enterprise szenario people 
will use smb to share their windows folders. Since a long time everybody can 
use this to run a Denial Of Service attack aginst KDE: if you have a .desktop 
file there and you change it's attributes so that it cannot be read from the 
KDE side, Konqueror goes into a loop (catching a SIGBUS from mmap). As the 
samba client writes error messages to the system log, the disk very quickly 
fills and your linux box goes down (in other words: it crashes). I have 
reported this behaviour as a bug two weeks ago. This started some discussion 
about mmap() and caused me to do a benchmark and to write a new parser.

As we went so far,  we should also consider the following point: what happens 
if one of the windows users edits one of his .desktop files or maybe even a 
part of a roaming KDE-profile with a windows editor? I wouldn't call that 
stupid, from the user's perspective this is correct. So let us fix our parser 
so that it no longer allows DOS attacks, that it can read files with cr/lf 
line breaks and that it ignores an optional BOM at the beginning. These 
changes are trivial. When the KConfig writes data back the old code will be 
called, no BOM is written and the line-termination char is lf. I really talk 
of the parser (the thing that reads the data) not of the logic behind (that 
interprets the data or that writes it back).

In a mixed environment (in the enterprise) Microsoft formats are common. So I 
have started trying to convince the Kate devellopers to support the BOM too. 
A first reaction from Christoph Cullman shows me, that he would even accept 
that BOMs get written back if they were in the original file. That would be 
great news - Kate is a good editor and we will be able (in a mixed 
environment) to do some of our windows work from the KDE/Linux side. So 
what's wrong with that? Concerning patents: it's very unlikely that Microsoft 
can get a patent on using BOMs in text files.

Yours Jürgen





More information about the kde-core-devel mailing list