https://bugs.kde.org/show_bug.cgi?id=437672
Bug ID: 437672
Summary: Illegal/irrelevant file access
Product: okular
Version: 1.9.3
Platform: Ubuntu Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: okular-de...@kde.org
Reporter: erfankhademe...@gmail.com
Target Milestone: ---

Created attachment 138782
  --> https://bugs.kde.org/attachment.cgi?id=138782&action=edit
Firejail report

SUMMARY

I caught okular trying to access (syscall access) and open (syscall open64) my dotfiles. I have attached the list of such operations as logged by firejail in the journal. It is worth noting that the program tried to open only the following four files, while it tried to access almost all of my dotfiles:

1. /home/erfan/.xinitrc
2. /home/erfan/.wget-hsts
3. /home/erfan/.gitconfig
4. /home/erfan/.vimrc

To find the exact list of files, search for "blacklist violation" in the attachment.

I should also note that I am using firejail's default profile for okular. By default it restricts network access and denies any file operation outside of /home/USER/Documents, and I found out about this weird behavior when the application was denied such access.

It is really weird if this kind of operation is intended, as my document was in /home/erfan/Documents, so it didn't have anything to do with my dotfiles etc.

I can reliably trigger this behavior if I do the exact same steps I described below on my PC. I haven't tried this on any other distro/PC yet. So this might very well be some malware in my PC :(

STEPS TO REPRODUCE

1. Install firejail and run okular using firejail's default profile for okular
2. Open any PDF document inside /home/USER/Documents
3. Try to print it. The access pattern should happen as soon as you hit Ctrl+P to open the printing dialog (no actual printing is required)

OBSERVED RESULT

The program tries to access files not related to printing, its configuration and/or the document which is open.

SOFTWARE/OS VERSIONS

Ubuntu 20.04 LTS, up-to-date as of filing this report.
Okular is installed from the official repo using apt.
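
The triage the report describes (searching the journal for "blacklist violation" and separating files that were opened from files that were only probed with access), as an added example that is not part of the original report or of firejail. The function names are hypothetical, the log lines are constructed, and the line layout is assumed to match the sample messages in firejail's --tracelog documentation.

```python
import re
from collections import defaultdict

# Constructed sample lines (not taken from the attachment). Layout assumed to
# match the sample messages in firejail's --tracelog documentation.
SAMPLE_LOG = """\
May 26 10:02:11 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall access, path /home/erfan/.bashrc
May 26 10:02:11 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall access, path /home/erfan/.vimrc
May 26 10:02:11 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall open64, path /home/erfan/.vimrc
May 26 10:02:11 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall open64, path /home/erfan/.xinitrc
May 26 10:02:12 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall open64, path /home/erfan/.wget-hsts
May 26 10:02:12 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall open64, path /home/erfan/.gitconfig
May 26 10:02:12 pc firejail[4121]: blacklist violation - sandbox 4120, exe okular, syscall access, path /home/erfan/.profile
May 26 10:02:13 pc firejail[5003]: blacklist violation - sandbox 5002, exe vlc, syscall open64, path /home/erfan/.ssh
May 26 10:02:13 pc systemd[1]: Started CUPS Scheduler.
"""

# Tolerates extra comma-separated fields between the sandbox id and "exe".
VIOLATION = re.compile(
    r"blacklist violation - sandbox (?P<sandbox>\d+),.*?\bexe (?P<exe>[^,]+),"
    r" syscall (?P<syscall>\w+), path (?P<path>.+)$"
)

def parse_violations(text):
    """Yield (exe, syscall, path) for every blacklist-violation line."""
    for line in text.splitlines():
        m = VIOLATION.search(line)
        if m:
            yield m["exe"], m["syscall"], m["path"].rstrip()

def summarize(text, exe="okular"):
    """Map each syscall to the sorted, de-duplicated paths it was denied on."""
    by_syscall = defaultdict(set)
    for found_exe, syscall, path in parse_violations(text):
        if found_exe == exe:
            by_syscall[syscall].add(path)
    return {s: sorted(p) for s, p in by_syscall.items()}

def opened_paths(summary):
    """Paths with a denied open-style call, as opposed to access() probes."""
    opened = set()
    for syscall, paths in summary.items():
        if syscall.startswith("open"):
            opened.update(paths)
    return sorted(opened)

if __name__ == "__main__":
    print(opened_paths(summarize(SAMPLE_LOG)))
```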