https://bugs.kde.org/show_bug.cgi?id=440986
Bug ID: 440986
Summary: Okular is able to overwrite read-only files
Product: okular
Version: 20.12.3
Platform: Debian testing
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: okular-devel@kde.org
Reporter: adriano.vil...@yahoo.com
Target Milestone: ---
SUMMARY
I came across a very weird behavior while annotating a pdf file in Okular. Long
story short: I opened a read-only pdf file (permissions: 400), inserted some
comments and hit the save button. At this point, I thought I had been working
on a write-enabled copy of the file. After a while, I realized that I was
actually working on the read-only version of the file, that somehow got saved
to disk when I hit the save icon. Okular was not only able to save the file to
disk, but the file permissions were changed to 644.
To be honest, I was able to reproduce the problem with Xournal. This makes me
think that the problem may not be with Okular or Xournal, but with some common
library used by both of these packages (maybe libpoppler?).
I reported this on a Debian mailing list (I'm using Debian Testing), and
somebody suggested that this probably happens because Okular is saving the
modifications to a temporary file and then deleting the original file and
writing the temporary file to a new file with the same name as the original
file. I understand that. However, I think that this behavior is unexpected and
very problematic.
STEPS TO REPRODUCE
1. Open a read-only file in Okular
2. Insert some comments on the file
3. Hit the save button
OBSERVED RESULT
The file gets saved to disk, even though it is marked as read-only.
EXPECTED RESULT
Okular should show an error message saying it can't write to the file.
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma: Debian Testing
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are the assignee for the bug.
