[okular] [Bug 440986] New: Okular is able to overwrite read-only files

Adriano Vilela bugzilla_noreply at kde.org
Sat Aug 14 23:04:36 BST 2021 

https://bugs.kde.org/show_bug.cgi?id=440986

            Bug ID: 440986
           Summary: Okular is able to overwrite read-only files
           Product: okular
           Version: 20.12.3
          Platform: Debian testing
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: okular-devel at kde.org
          Reporter: adriano.vilela at yahoo.com
  Target Milestone: ---

SUMMARY

I came across a very weird behavior while annotating a pdf file in Okular. Long
story short: I opened a read-only pdf file (permissions: 400), inserted some
comments and hit the save button. At this point, I thought I had been working
on a write-enabled copy of the file. After a while, I realized that I was
actually working on the read-only version of the file, that somehow got saved
to disk when I hit the save icon. Okular was not only able to save the file to
disk, but the file permissions were changed to 644.

To be honest, I was able to reproduce the problem with Xournal. This makes me
think that the problem may not be with Okular or Xournal, but with some common
library used by both of these packages (maybe libpoppler?).

I reported this on a Debian mailing list (I'm using Debian Testing), and
somebody suggested that this probably happens because Okular is saving the
modifications to a temporary file and then deleting the original file and
writing the temporary file to a new file with the same name as the original
file. I understand that. However, I think that this behavior is unexpected and
very problematic.

STEPS TO REPRODUCE

1. Open a read-only file in Okular
2. Insert some comments on the file
3. Hit the save button

OBSERVED RESULT

The file gets saved to disk, even though it is marked as read-only.

EXPECTED RESULT

Okular should show an error message saying it can't write to the file.


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Debian Testing
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Okular-devel mailing list