bug #143859. Possible security issue.

Raúl Sánchez Siles rss at barracuda.es
Thu Jun 21 15:30:45 BST 2007


Tobias Koenig wrote:

> On Tue, Jun 19, 2007 at 06:00:33PM +0200, Raúl Sánchez Siles wrote:
>>   Hello
> Hi Raúl,
> 
>> int main(void)
>> {
>>   DCOPClient* client = kapp->dcopClient();
>>   if (client && client->attach())
>>     DCOPRef("kdesktop","KScreenSaverIface").call("lock");
>> 
>>   In this way the DCOP call is supposed to be synchronous and the bugs
>> should be solved. The problem is that the DCOP call doesn't seem to be
>> executed.
>> 
>>   I will consider calling "lock()" instead of "lock" but I don't know if
>> that's the problem. I think the problem should be elsewhere, so any help
>> is much appreciated.
> No, the problem is exactly there! The dcop method names must be called
> with '()' at the end, otherwise it doesn't work...
> 
> Ciao,
> Tobias

  Thanks again for your valuable reply. If you pay attention to that
example, I used the DCOPRef object. Doing some more tests I discovered that
using DCOPClient and DCOPRef objects at the same time leads to some
inconsistency. Indeed with that piece of code (using lock() ) I see a kded
oops for some reason, the code is a kded module (this part of klaptopdaemon
is). If I remove the DCOPClient usage in that function, the result seems to
be correct and consistent.

  I didn't have the time to find out the cause of that inconsistency, but I
hope to find it. I think this time I'm following the right path, if you
don't think so I'll appreciate you comment on that.

  I'll keep you informed.

  My concern with this solution is that removing DCOPClient could be more
intrusive than advisable since we're talking about kde3. So things as are
now show 2 possible solutions IMHO: using call with DCOPRef (which seems to
be working) or using DCOPClient call method. The latter implies declaring
some more variables as Hans suggested.

Regards,

-- 
Raúl Sánchez Siles





More information about the kde-core-devel mailing list