https://bugs.kde.org/show_bug.cgi?id=387215
--- Comment #6 from T R T <[email protected]> --- By using either firejail or flatpak(the backend is bubblewrap) - these are the most popular sandboxing solutions. I guess KIO provides a global file dialog for every X app and if an application connects to X(and KDE) KIO can leak files. For example: I fake a home dir with `firejail --private=~/FF_jail firefox -no-remote` then I have a 'Documents' folder both in the sandbox and in my home dir and if I've firefox-kde - which uses KDE's file dialog instead of gnome's then KIO will show me MY home dir - and if the 'Documents' folder is present in both then the sandbox will be able to read the content from outside. Another example: If I open dolphin with `firejail --private=~/dj dolphin` then it'll be able to access almost everything. I'd try okular with firejail but it crashes with: " mprotect failed in ExecutableAllocator::makeExecutable: Access denied *** stack smashing detected ***: <unknown> terminated " -- You are receiving this mail because: You are watching all bug changes.
