Summary: | [okular] saves opened file metadata in ~/.kde/share/apps/okular/docdata/ which can leak info, use hash instead | ||
---|---|---|---|
Product: | [Applications] okular | Reporter: | Mark <markotahal> |
Component: | general | Assignee: | Okular developers <okular-devel> |
Status: | REPORTED --- | ||
Severity: | wishlist | CC: | fabiodurso, kde, sdfjsfjaei-hans |
Priority: | NOR | ||
Version: | 0.16.2 | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
See Also: | https://bugs.kde.org/show_bug.cgi?id=436738 | ||
Latest Commit: | Version Fixed In: |
Description
Mark
2013-04-05 00:35:16 UTC
(In reply to comment #0) > 2/ include size in bytes in name-hash, so different files named the same are > handeled. "some number" is the size in bytes > 2.1/ what about comments to file, filled in form fields - do they change > file size? (pdf) If you save them through "save as" they do; if you just let okular autosave on close into the docdata folder they don't, because the original file is left untouched my two cents.. :) Just wanted to post the exact same issue: In ~/.local/share/okular/docdata/ you find a lot of docdata (for restoring current page, zoom etc.) that all contain the filenames from files you have opened. Moving to checksums would have the advantage of preventing the filenames from constantly being "leaked" and more importantly would allow a document view (current position etc.) to be restored even when that file was moved to a different location. I just noticed this leaky behavior of okular and was about to file a security bug, but I see someone else already did.... Please, at the very least, okular should "chmod 700 ~/.local/share/okular/docdata." Right now, any user on the system can see file paths in "docdata" by default. |