<table><tr><td style="">fvogt requested changes to this revision.<br />fvogt added a comment.<br />This revision now requires changes to proceed.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D5394" rel="noreferrer">View Revision</a></tr></table><br /><div><div><blockquote style="border-left: 3px solid #8C98B8;
color: #6B748C;
font-style: italic;
margin: 4px 0 12px 0;
padding: 8px 12px;
background-color: #F8F9FC;">
<div style="font-style: normal;
padding-bottom: 4px;">In <a href="https://phabricator.kde.org/D5394#101291" style="background-color: #e7e7e7;
border-color: #e7e7e7;
border-radius: 3px;
padding: 0 4px;
font-weight: bold;
color: black;text-decoration: none;" rel="noreferrer">D5394#101291</a>, <a href="https://phabricator.kde.org/p/aacid/" style="
border-color: #f1f7ff;
color: #19558d;
background-color: #f1f7ff;
border: 1px solid transparent;
border-radius: 3px;
font-weight: bold;
padding: 0 4px;" rel="noreferrer">@aacid</a> wrote:</div>
<div style="margin: 0;
padding: 0;
border: 0;
color: rgb(107, 116, 140);"><blockquote style="border-left: 3px solid #8C98B8;
color: #6B748C;
font-style: italic;
margin: 4px 0 12px 0;
padding: 8px 12px;
background-color: #F8F9FC;">
<div style="font-style: normal;
padding-bottom: 4px;">In <a href="https://phabricator.kde.org/D5394#101275" style="background-color: #e7e7e7;
border-color: #e7e7e7;
border-radius: 3px;
padding: 0 4px;
font-weight: bold;
color: black;text-decoration: none;" rel="noreferrer">D5394#101275</a>, <a href="https://phabricator.kde.org/p/fvogt/" style="
border-color: #f1f7ff;
color: #19558d;
background-color: #f1f7ff;
border: 1px solid transparent;
border-radius: 3px;
font-weight: bold;
padding: 0 4px;" rel="noreferrer">@fvogt</a> wrote:</div>
<div style="margin: 0;
padding: 0;
border: 0;
color: rgb(107, 116, 140);"><p>what are the permissions of the temporary file that QSaveFile creates?</p></div>
</blockquote>
<p>If the file exists it re-uses the existing permissions, otherwise it uses 666<br />
<a href="https://github.com/qt/qtbase/blob/dev/src/corelib/io/qsavefile.cpp#L235" class="remarkup-link" target="_blank" rel="noreferrer">https://github.com/qt/qtbase/blob/dev/src/corelib/io/qsavefile.cpp#L235</a></p></div>
</blockquote>
<p>Who thought that was a good idea? This allows literally *anyone* to change any file being edited (if the process does not have a umask such as 022)</p>
<p>Although that means upstream Qt is currently unusuable, I'd suggest to use QTemporaryFile as a workaround as substitution for QSaveFile at least in this instance or assign a umask to the process (if Qt does not override this)<br />
While ktexteditor uses QSaveFile in other places as well, those are not as critical as this issue, so fixing that in Qt directly is IMO the best approach.</p></div></div><br /><div><strong>REPOSITORY</strong><div><div>R39 KTextEditor</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D5394" rel="noreferrer">https://phabricator.kde.org/D5394</a></div></div><br /><div><strong>To: </strong>martinkostolny, KTextEditor, fvogt<br /><strong>Cc: </strong>elvisangelaccio, aacid, ivan, lbeltrame, fvogt, apol, anthonyfieroni, cullmann, ltoscano, dhaumann, graesslin, davidedmundson, palant, kwrite-devel, dfaure, Frameworks, head7, kfunk, sars<br /></div>