XML Desktop config files (was: Re: Tons of questions. And some patches

Bo Thorsen bo at sonofthor.dk
Tue Jan 27 12:05:41 GMT 2004


On Tuesday 27 January 2004 09:38, Dr. Juergen Pfennig wrote:
> On Monday 26 January 2004 22:10, Tobias Koenig wrote:
> > Hmm, are you sure the enterprise functionality of KDE will consists
> > of exchanging .desktop files?
>
> Hi Tobias,
> you are 100% wrong here - I am convinced. In an enterprise szenario
> people will use smb to share their windows folders. Since a long time
> everybody can use this to run a Denial Of Service attack aginst KDE: if
> you have a .desktop file there and you change it's attributes so that
> it cannot be read from the KDE side, Konqueror goes into a loop
> (catching a SIGBUS from mmap). As the samba client writes error
> messages to the system log, the disk very quickly fills and your linux
> box goes down (in other words: it crashes). I have reported this
> behaviour as a bug two weeks ago. This started some discussion about
> mmap() and caused me to do a benchmark and to write a new parser.
>
> As we went so far,  we should also consider the following point: what
> happens if one of the windows users edits one of his .desktop files or
> maybe even a part of a roaming KDE-profile with a windows editor? I
> wouldn't call that stupid, from the user's perspective this is correct.
> So let us fix our parser so that it no longer allows DOS attacks, that
> it can read files with cr/lf line breaks and that it ignores an
> optional BOM at the beginning. These changes are trivial. When the
> KConfig writes data back the old code will be called, no BOM is written
> and the line-termination char is lf. I really talk of the parser (the
> thing that reads the data) not of the logic behind (that interprets the
> data or that writes it back).
>
> In a mixed environment (in the enterprise) Microsoft formats are
> common. So I have started trying to convince the Kate devellopers to
> support the BOM too. A first reaction from Christoph Cullman shows me,
> that he would even accept that BOMs get written back if they were in
> the original file. That would be great news - Kate is a good editor and
> we will be able (in a mixed environment) to do some of our windows work
> from the KDE/Linux side. So what's wrong with that? Concerning patents:
> it's very unlikely that Microsoft can get a patent on using BOMs in
> text files.

How about a compromise? Make a patch to support BOM in the 
current .desktop file format, and sent it here together with some 
benchmarks on how it affects performance.

The XML discussion is not one you are going to get anywhere with, since 
the .desktop is an agreed upon standard between GNOME and KDE with the 
freedesktop initiative. But these two issues are completely independent, 
so I don't see why it's been tied together here.

And because it's a standard, there is no way it will be accepted to save 
these files in anything but the real format. However, for stability I 
would agree that it's good to at least be able to load them.

Bo.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20040127/6625864d/attachment.sig>


More information about the kde-core-devel mailing list