From b12b1ddf4880a5157b5edac05e0ef381e9148aae Mon Sep 17 00:00:00 2001 From: "Richard J. Moore" Date: Wed, 1 Jan 2014 16:58:19 +0000 Subject: Prevent foolish use of setuid when using Qt. In order to prevent people from shooting themselves in the foot, abort if we're running setuid. This behavior can be disabled by calling QCoreApplication::setSetuidAllowed(true) in order to support legacy code. [ChangeLog][QtCore][Important Behavior Changes] Running Qt applications that are setuid has been prevented. If you really need to do this then you can call QCoreApplication::setSetuidAllowed(true) before creating the QCoreApplication instance. Change-Id: I992a9a0cd8420693d438852a05666e3dbb2c9d6a Reviewed-by: Olivier Goffart Reviewed-by: Frederik Gladhorn Reviewed-by: Lars Knoll --- src/corelib/kernel/qcoreapplication.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/corelib/kernel/qcoreapplication.h') diff --git a/src/corelib/kernel/qcoreapplication.h b/src/corelib/kernel/qcoreapplication.h index ae17aeec0e..c2843030fd 100644 --- a/src/corelib/kernel/qcoreapplication.h +++ b/src/corelib/kernel/qcoreapplication.h @@ -112,6 +112,9 @@ public: static void setApplicationVersion(const QString &version); static QString applicationVersion(); + static void setSetuidAllowed(bool allow); + static bool isSetuidAllowed(); + static QCoreApplication *instance() { return self; } #ifndef QT_NO_QOBJECT -- cgit v1.2.3 From af8c35bda4fd245061e3a43df32f705903e855dd Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Mon, 3 Feb 2014 15:37:42 -0800 Subject: Deprecate {QCoreApp,QAbstractEventDispatcher}::hasPendingEvents() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This function has a flawed design. It was flawed when it was added in Qt 3.0. A "false" return value is racy: any other thread running may post events to the current thread, thus making the result stale. That includes Qt starts for its own purposes when it comes to the main thread, like the Scene Graph thread, the QProcessManager thread, the Windows QAdoptedThread watcher thread, the Windows pipe writer thread, etc. A "true" return is stable only if the selected thread is stopped, which includes selecting the current thread (the case of QCoreApplication). For that reason, this method should not be public, but a protected one so that a public static could call it. But even that would not solve the race condition from the previous paragraph (hence why QCoreApplication::hasPendingEvents being deprecated too). And, to top all of that off, all but one of the implementations access the GUI thread's event loop counter in a non-thread-safe manner. I've changed the documentation to restrict to the only currently-working use- application. [ChangeLog][QtCore][Event loop] QCoreApplication::hasPendingEvents and QAbstractEventDispatcher::hasPendingEvents are now deprecated. Please refer to the documentation for more information. Task-number: QTBUG-36611 Change-Id: Iac61f307e9672839944ae2f75abb1aea30c419f6 Reviewed-by: Giuseppe D'Angelo --- src/corelib/kernel/qcoreapplication.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/corelib/kernel/qcoreapplication.h') diff --git a/src/corelib/kernel/qcoreapplication.h b/src/corelib/kernel/qcoreapplication.h index c2843030fd..d8c52fbf1d 100644 --- a/src/corelib/kernel/qcoreapplication.h +++ b/src/corelib/kernel/qcoreapplication.h @@ -127,7 +127,9 @@ public: static void postEvent(QObject *receiver, QEvent *event, int priority = Qt::NormalEventPriority); static void sendPostedEvents(QObject *receiver = 0, int event_type = 0); static void removePostedEvents(QObject *receiver, int eventType = 0); - static bool hasPendingEvents(); +#if QT_DEPRECATED_SINCE(5, 3) + QT_DEPRECATED static bool hasPendingEvents(); +#endif static QAbstractEventDispatcher *eventDispatcher(); static void setEventDispatcher(QAbstractEventDispatcher *eventDispatcher); -- cgit v1.2.3