<table><tr><td style="">ossi added inline comments.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D12291">View Revision</a></tr></table><br /><div><strong>INLINE COMMENTS</strong><div><div style="margin: 6px 0 12px 0;"><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D12291#inline-68194">View Inline</a><span style="color: #4b4d51; font-weight: bold;">chinmoyr</span> wrote in <span style="color: #4b4d51; font-weight: bold;">fdreceiver.cpp:89</span></div>
<div style="margin: 8px 0; padding: 0 12px; color: #74777D;"><blockquote style="border-left: 3px solid #a7b5bf; color: #464c5c; font-style: italic; margin: 4px 0 12px 0; padding: 4px 12px; background-color: #f8f9fc;"><p style="padding: 0; margin: 8px;">i don't see why that would be horrible</p></blockquote>
<p style="padding: 0; margin: 8px;">I meant adding "acceptConnection = true;" after #warning would look weird. Obviously that's not even an issue and I shouldn't have mentioned it.</p>
<p style="padding: 0; margin: 8px;">There is a discussion[1] going on related to a similar change in ktexteditor. Because ktexteditor also uses polkit to save files in read-only location, one of the suggestions to improve this process, in case the owner of target is not root, was to either ignore the operation or drop privileges to owner/group of the directory. Now in KIO the kauth helper performs every operation as root. So if in future it is decided to do a privilege drop before performing any file operation on non-root targets then this change will likely be a hindrance. After considering the fact that this is also redundant, now I am not really feeling confident about this change. Just out of curiosity, I want to know (although I feel weird for asking this) what was your reason for accepting this patch?</p>
<p style="padding: 0; margin: 8px;">[1]: <a href="https://bugzilla.suse.com/show_bug.cgi?id=1033055#c13" class="remarkup-link" target="_blank" rel="noreferrer">https://bugzilla.suse.com/show_bug.cgi?id=1033055#c13</a></p></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">i initially didn't notice the problem we're currently discussing.<br />
but more generally: it's a second layer of security, just in case somebody accidentally f*cks up the perms of their runtime dir (not something to be particularly concerned about; you'd certainly have bigger problems in this case). it might also help detecting configuration problems (though for that you'd have to add reasonable error reporting). and if done right, it's (currently) harmless, and i didn't feel like arguing over it. but i myself would just drop it.</p></div></div></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R241 KIO</div></div></div><br /><div><strong>BRANCH</strong><div><div>master</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D12291">https://phabricator.kde.org/D12291</a></div></div><br /><div><strong>To: </strong>chinmoyr, Frameworks, dfaure, ossi<br /><strong>Cc: </strong>kde-frameworks-devel, ossi, michaelh, ngraham, bruns<br /></div>