Created attachment 138782 [details] Firejail report SUMMARY I caught okular trying to access (syscall access) and open (syscall open64) my dotfiles. I have attached the list of such operations as logged by firejail in journal. It is worth noting that, the program tried to open only the following four files, while it tried to access almost all of my dotfiles: 1. /home/erfan/.xinitrc 2. /home/erfan/.wget-hsts 3. /home/erfan/.gitconfig 4. /home/erfan/.vimrc To find the exact list of files, search for "blacklist violation" in the attachment. I should also note that, I am using firejail's default profile for okular. by default it restricts network access and denies any file operation outside of /home/USER/Documents, and I found out about this weird behavior when the application was denied such access. It is really weird if this kind of operation is intended, as my document was in /home/erfan/Documents, so it didn't have anything to do with my dotfiles etc. I can reliably trigger this behavior if I do the exact same steps I described bellow on my PC. I haven't tried this on any other distro/PC yet. So this might very well be some malware in my PC :( STEPS TO REPRODUCE 1. Install firejail and run okular using firejail's default profile for okular 2. Open any PDF document inside /home/USER/Documents 3. Try to print it. The access pattern should happen as soon as you hit Ctrl+P to open printing dialog (No actual printing is required) OBSERVED RESULT The program tries to access files not related to printing, its configuration and/or the document which is open. SOFTWARE/OS VERSIONS Ubuntu 20.04 LTS, up-to-date as of filing this report. Okular is installed from the official repo using apt.
I'm not interested in chasing this "illegal" accesses at all, but it's not okulars fault, probably something in Qt print dialog or cups or whatever, the same happens if you try to print from assistant for example.
I would like to thank you for reviewing this report. I can assure you that this has nothing to do with CUPS or any other third party software. Also, you suggested that it can have something to do with the Qt print dialog, so I should file a bug report somewhere else? I would highly appreciate if you tell me what I should do next. Best regards
(In reply to Erfan Khadem from comment #2) > I would like to thank you for reviewing this report. > > I can assure you that this has nothing to do with CUPS or any other third > party software. Honestly I don't trust you have enough knowledge to be able to assure this, because the only way to assure that is know what is causing the stats, and you obviously don't know, otherwise you would not have opened this bug > Also, you suggested that it can have something to do with > the Qt print dialog, so I should file a bug report somewhere else? I would > highly appreciate if you tell me what I should do next. You should find out who is making those stat calls. I don't think it's a bug, my guess is that the print dialog has that line edit to let specify the file you want to print and is stating your home folder to make sure it doesn't suggest overwriting and existing file or something similar. If you really feel strongly about this you need to investigate more, but honestly i don't see how this is a problem.
> Honestly I don't trust you have enough knowledge to be able to assure this, because the only way to assure that is know what is causing the stats I came to this conclusion because CUPS is a separate process, and I am not tracking/limiting it. Feel free to correct me if I am wrong. In any case, as you are suggesting that there is nothing to be worried about, I am no longer interested in following this either.
> I came to this conclusion because CUPS is a separate process, and I am not tracking/limiting it. In this case i meant libcups and not the cups-daemon