martinkostolny added a comment.
> it should work as it is now, or I am mistaken? I believe the latest diff update is indeed making use of atomic rename. I will roughly summarize what the code currently does: 1. First try to open QSaveFile, if succeeded -> finish writing as before the patch 2. If opening QSaveFile fails KAuth action is called for creation of a temporary file in the same directory as the original target file 3. Then writing to this file is performed as regular user (same as before the patch) 4. Finally, second KAuth action is called to atomically rename the temporary file Owner and group is taken care of. Atomic rename is used only for Unix. On Windows there is a fallback using another QSaveFile which is also atomic when renaming but there is otherwise useless file copy beforehand. From my (non-expert) point of view this fallback is the only thing that needs fixing right now. But I currently cannot do that, it seems to me that it can be done later, too. > I am no security expert. Me neither. OK let's wait for somebody better qualified for this task :). REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D4847 To: martinkostolny, dhaumann, #ktexteditor Cc: apol, dfaure, anthonyfieroni, cullmann, ltoscano, dhaumann, graesslin, davidedmundson, palant, kwrite-devel, #frameworks, head7, kfunk, sars
