Hi, 
In KOrganizer (where we use KSaveFile when saving local files) we have the 
problem that the mode, the uid and gid of a file are not retained if uid and 
gid of the file are not the uid and gid of the user.

For example, I (user reinhold, group reinhold) have a file
-rw-------  1 reinhold reinhold  397 2004-07-23 17:31 tt.ics
If I use KSaveFile to save something to tt.ics, the 600 mode is kept.

Now, if I have a file 
-rw-------  1 reinhold users     397 2004-07-23 17:31 tt.ics
then using KSaveFile reverts the file's permissions to 644, user reinhold, 
group reinhold. 

This is of course caused by the check
          (stat_buf.st_uid == getuid())
          && (stat_buf.st_gid == getgid()))
in lines 73/74 of ksavefile.cpp. This assumes that the user is only able to 
write to files that have his own uid and gid set, but neglect the fact that 
he might be allowed to write to other files, which for example might be 
group- or even world-writable, but do not belong to the user. 

This check was introduced by Waldo on Feb 23 in revision 1.14 for HEAD and 
1.10.4.3 for KDE_3_2_BRANCH with the comment "Use stat, use fchmod and only 
if it was our own file.". 
I think that check needs to be removed again to fix bugs like 71354. Can this 
be done for kde 3.3?

BTW, this issue even raises some privacy issues, as the user for example 
explicitly chose to disallow group or world access to his calendar (maybe 
containing confidential data), but KSaveFile happily resets the permissions 
to world readability...

Thanks,
Reinhold


-- 
------------------------------------------------------------------
Reinhold Kainhofer, Vienna, Austria
email: reinhold@kainhofer.com, http://reinhold.kainhofer.com/
 * Financial and Actuarial Mathematics, TU Wien, http://www.fam.tuwien.ac.at
 * Deltasoft mathematics, http://www.deltasoft.at/