Re: Shipping Vera with 2.4



Hi,

On Thu, Feb 27, 2003 at 02:51:14PM +0000, Michael Meeks wrote: 
> 	There are also the following bugs/mis-features I saw with a brief
> glance, correct me if I'm wrong:
> 
> 	* missing syscall error handling
> 	* blocking accept
> 	* not handling EINTR
> 	* assuming non-blocking / short reads [ possibly in-spec, 
> 	  perhaps better to use NON_BLOCK ].
> 	* blocking connection write
> 	* no error checking / short write handling on write
> 	* server_cb locks in a tight loop on 'read' error
> 	* looks like it creates an insecure, world writable /tmp
> 	  Unix domain socket -> instant, huge security hazard
> 	* doesn't do collision checking => instant DOS attack.
> 

This is mostly bogus; for example the EINTR handling is in the
wrappers around the syscalls, you just didn't see it, short write
handling also exists, and no /tmp UNIX domain socket is created
anywhere as far as I know. Maybe in the test suite. Are there lots of
bugs? Sure. But you're just making some of this stuff up.

> 	None of that is particularly hard to fix: the message is simple however
> - re-use code, preferably that tested over a long period.

I'm happy to re-use code when it does the job, but there is no code I
know of that's suitable. The immediate agenda for D-BUS is:

 - the systemwide message bus daemon where both a system user
   and all logged-in users can connect to the same bus 
   with some sane security setup
 - a per-login-session message bus for situations where you 
   want to broadcast some notification
 - an IPC system that can drop in as a DCOP replacement for KDE

If you want to have a real thread contrasting CORBA and D-BUS and
discussing when each one is useful and where GNOME is going in this
area, we can do that. Probably shouldn't be this thread.
You should really read the xdg-list and message-bus-list archives
first though.

Havoc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]