fvogt requested changes to this revision.
fvogt added a comment.
This revision now requires changes to proceed.


  In https://phabricator.kde.org/D5394#101291, @aacid wrote:
  
  > In https://phabricator.kde.org/D5394#101275, @fvogt wrote:
  >
  > > what are the permissions of the temporary file that QSaveFile creates?
  >
  >
  > If the file exists it re-uses the existing permissions, otherwise it uses 666
  >  https://github.com/qt/qtbase/blob/dev/src/corelib/io/qsavefile.cpp#L235
  
  
  Who thought that was a good idea? This allows literally *anyone* to change any file being edited (if the process does not have a umask such as 022).
  
  Although that means upstream Qt is currently unusable, I'd suggest using QTemporaryFile as a workaround, as a substitute for QSaveFile, at least in this instance, or assigning a umask to the process (if Qt does not override this).
  While ktexteditor uses QSaveFile in other places as well, those are not as critical as this issue, so fixing that in Qt directly is IMO the best approach.

REPOSITORY
  R39 KTextEditor

REVISION DETAIL
  https://phabricator.kde.org/D5394

To: martinkostolny, #ktexteditor, fvogt
Cc: elvisangelaccio, aacid, ivan, lbeltrame, fvogt, apol, anthonyfieroni, 
cullmann, ltoscano, dhaumann, graesslin, davidedmundson, palant, kwrite-devel, 
dfaure, #frameworks, head7, kfunk, sars
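
Added example, not part of the original comment and not Qt or KTextEditor code: a POSIX C program showing the behaviour discussed above, where a file created with requested mode 0666 keeps whatever bits the process umask leaves, compared with requesting 0600 at creation (as `mkstemp` does). The scratch path and the function names `effective_mode` and `writable_by_non_owner` are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new file with `requested` mode while `mask` is the process umask;
 * return the permission bits the kernel actually applied, or -1 on error.
 * Paths are constructed scratch names, not anything Qt or KTextEditor uses. */
int effective_mode(mode_t requested, mode_t mask)
{
    char dir[64], path[80];
    struct stat st;
    int result = -1;

    snprintf(dir, sizeof dir, "/tmp/umask-demo-%ld", (long)getpid());
    snprintf(path, sizeof path, "%s/save.tmp", dir);
    if (mkdir(dir, 0700) != 0)           /* private parent directory */
        return -1;

    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                          /* restore the caller's umask */

    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

/* Nonzero if users other than the owner could modify the file. */
int writable_by_non_owner(int mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

int main(void)
{
    const mode_t masks[] = { 0000, 0002, 0022, 0077 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        int m = effective_mode(0666, masks[i]);
        printf("request 0666, umask %03o -> %03o%s\n", (unsigned)masks[i],
               (unsigned)m, writable_by_non_owner(m) ? "  (others can write)" : "");
    }
    printf("request 0600, umask 000 -> %03o\n", (unsigned)effective_mode(0600, 0));
    return 0;
}
```

With a umask of 000 or 002 the 0666 request leaves the file writable by other users or the group, while a 0600 request stays owner-only regardless of the umask.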
