[prev in list] [next in list] [prev in thread] [next in thread]
List: kwin
Subject: concerning dbusmenu powered menus in the titlebar
From: Thomas_Lübking <thomas.luebking () gmail ! com>
Date: 2011-03-29 20:01:34
Message-ID: op.vs4e8vc69bmiid () localhost ! localdomain
[Download RAW message or body]
Hi all,
since i read alot about this and it's pretty hyped, i guess i should share
my thoughts (i've made long before, because the approach/request isn't
exactly /that/ new ;-)
Preface:
---------
1. I attached Aurélien so he can maybe rule out (some of) my concerns
2. I assume to be not suspicious to protect menubars ;-)
3. I claim some experience in "runtime fucking around with foreign
objects" ;-)
4. This is not so much about dbusmenu in general but in particular when
stuffing it on top of existing code.
Prologue:
----------
When writing the XBar stuff to "get back the menu where it belongs" i did
face the question whether to export only the menubar and somehow mangle
the popups in (open, reosition, close) or to export the entire menu
structure.
I chose the first variant (which i knew would be trickier...) for those
concerns. It's not that i'd be rushing in with no idea ;-)
1. Principal (but actually minor) - Security
--------------------------------------------
Exporting the entire menu hierarchy has a security risc - not even that
much about malware but simply because existing menus might expect certain
parameters etc. and don't check the input which now comes from an external
source.
At least it's it not as worse as the GGM approach using xproperties
becuase dbus provides (basic) user protection (ggm would allow you to
control a root level client from any user account... including any ssh
login...)
2. Feature restriction (still minor)
-----------------------------------
a) QDusMenu cannot possibly handle QWidgetActions. This would be an
immediate blocker, but they won't work on MacOS either (so they should
simply not exist)
Therefore, while not an ultimate blocker this might be source of some
annoyance - I know that Aurélien has patched out the stupid throbber for
this reason. There might however be more incidents like this (in less
popular applications)
A certain fail (even for the menubar) is kdevelop (weird menubar layout)
which is simply blacklisted in XBar, but just because it's kdevelop and
not knotrelevant - which must not be broken either.
Passing the popups across dbus obviously raises the chance of resp.
failure, not only because Nokia refused [1] to add official support for
texted separators (aka "headers") and therefore fix the paint order of
QMenu items...
b) QAction::data() can carry all kinds of QVariants, being expected at the
attached slot (I do that alot ;-)
3. Code state uncertainty
---------------------------
Theoretically the application state might rely on certain events of the
popups, ie. ideally listen to the aboutToShow signal (this is a general
approach to create dynamic content in menus), less ideally by catching
QEvent::Show or ::Hide in an eventFilter()
Also it's possible to link one slot to the menus triggered signal instead
of many slots to the action ones, so this signal as to (properly) fire as
well.
I don't know whether the QDBusMenu patch includes it, but this event
"faking" has to be patched into QMenu to ensure things keep working (been
the ultimate stopper on my side, then ;-)
Epilogue:
----------
While in general open to other concepts of the menubar (in general i avoid
to add one in the first place - it's a stupid dumpster for "i'll find a
better solution later on") i do not share the opinion that this is a
trivial task.
I mean: trivial to add to a kwin deco - sure. Trivial to export a random
foreign menu from a platform plugin etc. - errrrm.... rather not ;-)
It will include to
a) ensure to cover non-regular menu usages
b) walk through KDE applications and ensure they do NOT contain a
QWidgetAction in a QMenu...
c) walk through KDE applications and ensure their menu slots have proper
input sanitation
Summary:
----------
Putting the menubar into a toolbutton is trivial, passing it across dbus
is probably not :-(
Cheers,
Thomas
[1] http://bugreports.qt.nokia.com/browse/QTBUG-6016
_______________________________________________
kwin mailing list
kwin@kde.org
https://mail.kde.org/mailman/listinfo/kwin
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic