aacid added a comment.

  In D12513#257628 <https://phabricator.kde.org/D12513#257628>, @mgerstner wrote:
  
  > If you choose a different approach then you will have to open the target file explicitly, which raises other questions like how to safely replace symlinks. Of course such an approach can also be implemented safely. In any case a prudent handling of the temporary file handling improves trust in and robustness of the code and provides additional barriers should errors slip in in the future by way of refactoring or extending the code.
  
  
  Honestly I don't understand why I have to care about anything.
  
  If we drop privileges, it's just some code running with regular user level 
privileges, why are symlinks a problem?
  
  Because some malicious code can create symlinks that make the code write to 
file X when we wanted to write to file Y?
  
  Sure that's bad, but if you have in your system something that can create 
such a symlink, it already has user level privileges, so it can already write to 
file X or file Y itself, without "exploiting" Kate to do it.
  
  Or am I missing something?

REPOSITORY
  R39 KTextEditor

REVISION DETAIL
  https://phabricator.kde.org/D12513

To: cullmann, dfaure
Cc: mgerstner, aacid, ngraham, fvogt, cullmann, #frameworks, michaelh, 
kevinapavew, bruns, demsking, sars, dhaumann
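
The quoted remark about opening the target file explicitly and safely replacing symlinks, sketched as an added example (not part of the thread and not KTextEditor code): the new content goes to an exclusively created temporary file in the target directory and is renamed over the target, so a symlink at the target name is replaced rather than followed. The function names, the `/tmp` scratch directory and the file names `doc` and `victim` are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: replace `name` in `dir` without writing through a symlink. */
int replace_no_follow(const char *dir, const char *name, const char *data)
{
    char tmp[300];
    size_t len = strlen(data);
    int rc = -1;
    if (snprintf(tmp, sizeof tmp, ".%s.%ld.tmp", name, (long)getpid()) >= (int)sizeof tmp)
        return -1;
    /* Pin the directory; the calls below are relative to this descriptor. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    /* O_EXCL refuses any existing entry, including a planted symlink. */
    int fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd >= 0) {
        /* rename swaps the directory entry: a symlink at `name` is replaced, not followed. */
        if (write(fd, data, len) == (ssize_t)len && fsync(fd) == 0 &&
            renameat(dfd, tmp, dfd, name) == 0)
            rc = 0;
        else
            unlinkat(dfd, tmp, 0);
        close(fd);
    }
    close(dfd);
    return rc;
}

/* Constructed scenario: "doc" links to "victim"; returns 1 if the save left "victim" intact. */
int demo_symlink_not_followed(void)
{
    char dir[] = "/tmp/nofollowXXXXXX", buf[16] = {0};
    struct stat st;
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    FILE *f = fopen("victim", "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0)
        return -1;
    if (symlink("victim", "doc") != 0 || replace_no_follow(dir, "doc", "new") != 0)
        return -1;
    f = fopen("victim", "r");
    if (!f || !fgets(buf, sizeof buf, f)) return -1;
    return strcmp(buf, "keep") == 0 && lstat("doc", &st) == 0 && S_ISREG(st.st_mode);
}
```

`O_NOFOLLOW` only covers the final path component, so symlinks in the parent components of `dir` are still resolved normally.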
