[okular] [Bug 437672] New: Illegal/irrelevant file access

Erfan Khadem bugzilla_noreply at kde.org
Tue May 25 18:00:59 BST 2021 

https://bugs.kde.org/show_bug.cgi?id=437672

            Bug ID: 437672
           Summary: Illegal/irrelevant file access
           Product: okular
           Version: 1.9.3
          Platform: Ubuntu Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: okular-devel at kde.org
          Reporter: erfankhademerkh at gmail.com
  Target Milestone: ---

Created attachment 138782
  --> https://bugs.kde.org/attachment.cgi?id=138782&action=edit
Firejail report

SUMMARY
I caught okular trying to access (syscall access) and open (syscall open64) my
dotfiles. I have attached the list of such operations as logged by firejail in
journal. It is worth noting that, the program tried to open only the following
four files, while it tried to access almost all of my dotfiles:

1. /home/erfan/.xinitrc
2. /home/erfan/.wget-hsts
3. /home/erfan/.gitconfig
4. /home/erfan/.vimrc

To find the exact list of files, search for "blacklist violation" in the
attachment.

I should also note that, I am using firejail's default profile for okular. by
default it restricts network access and denies any file operation outside of
/home/USER/Documents, and I found out about this weird behavior when the
application was denied such access. It is really weird if this kind of
operation is intended, as my document was in /home/erfan/Documents, so it
didn't have anything to do with my dotfiles etc.

I can reliably trigger this behavior if I do the exact same steps I described
bellow on my PC. I haven't tried this on any other distro/PC yet. So this might
very well be some malware in my PC :(

STEPS TO REPRODUCE
1. Install firejail and run okular using firejail's default profile for okular
2. Open any PDF document inside /home/USER/Documents
3. Try to print it. The access pattern should happen as soon as you hit Ctrl+P
to open printing dialog (No actual printing is required)

OBSERVED RESULT
The program tries to access files not related to printing, its configuration
and/or the document which is open.

SOFTWARE/OS VERSIONS
Ubuntu 20.04 LTS, up-to-date as of filing this report. Okular is installed from
the official repo using apt.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Okular-devel mailing list