mgerstner added a comment. Restricted Application edited subscribers, added: kde-frameworks-devel, kwrite-devel; removed: Frameworks.
In D12513#258565 <https://phabricator.kde.org/D12513#258565>, @aacid wrote: > > Honestly i don't understand why i have to care about anything. > > If we drop privileges, it's just some code running with regular user level > privileges, why are symlinks a problem? Well for one, if the target directory is owned by root, then you will be dropping privileges to root i.e. you won't drop privileges at all. The owners of the directory and the target file may differ. Another case might be that target directory and file are owned by root, but one of the upper directories is owned by a non-root user. Maybe it is a root-owned directory that is only temporary in nature and a race condition is involved i.e. it gets deleted before the actual file operations begin. It would be uncommon but we never now what the situation might be. The feature seems targeted towards users that have no big technical insight. So strange situations can be expected. IMO prudence is the better part of valor here. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: kwrite-devel, kde-frameworks-devel, mgerstner, aacid, ngraham, fvogt, cullmann, michaelh, kevinapavew, bruns, demsking, sars, dhaumann, #frameworks
