XML Desktop config files (was: Re: Tons of questions. And some patches
Dr. Juergen Pfennig
info at j-pfennig.de
Tue Jan 27 08:38:06 GMT 2004
On Monday 26 January 2004 22:10, Tobias Koenig wrote:
> Hmm, are you sure the enterprise functionality of KDE will consists of
> exchanging .desktop files?
you are 100% wrong here - I am convinced. In an enterprise szenario people
will use smb to share their windows folders. Since a long time everybody can
use this to run a Denial Of Service attack aginst KDE: if you have a .desktop
file there and you change it's attributes so that it cannot be read from the
KDE side, Konqueror goes into a loop (catching a SIGBUS from mmap). As the
samba client writes error messages to the system log, the disk very quickly
fills and your linux box goes down (in other words: it crashes). I have
reported this behaviour as a bug two weeks ago. This started some discussion
about mmap() and caused me to do a benchmark and to write a new parser.
As we went so far, we should also consider the following point: what happens
if one of the windows users edits one of his .desktop files or maybe even a
part of a roaming KDE-profile with a windows editor? I wouldn't call that
stupid, from the user's perspective this is correct. So let us fix our parser
so that it no longer allows DOS attacks, that it can read files with cr/lf
line breaks and that it ignores an optional BOM at the beginning. These
changes are trivial. When the KConfig writes data back the old code will be
called, no BOM is written and the line-termination char is lf. I really talk
of the parser (the thing that reads the data) not of the logic behind (that
interprets the data or that writes it back).
In a mixed environment (in the enterprise) Microsoft formats are common. So I
have started trying to convince the Kate devellopers to support the BOM too.
A first reaction from Christoph Cullman shows me, that he would even accept
that BOMs get written back if they were in the original file. That would be
great news - Kate is a good editor and we will be able (in a mixed
environment) to do some of our windows work from the KDE/Linux side. So
what's wrong with that? Concerning patents: it's very unlikely that Microsoft
can get a patent on using BOMs in text files.
More information about the kde-core-devel