[Bug 521533] [NEW] Bad data handling -> Security Hole
Launchpad Bug Tracker
521533 at bugs.launchpad.net
Sun Feb 28 17:36:14 UTC 2010
You have been subscribed to a public bug:
Binary package hint: okular
Okular has a "feature" to allow users to fill out forms within PDF
files. It appears to work fine, if you just use Okular - you may or may
not notice the oddity that it doesn't have a "Save" menu option, but it
seems to save anyway.
You can close the PDF, reopen it with Okular, and your form data is
still there.
But then you open it with Adobe Acrobat, and your form data is NOT
there.
It turns out that Okular has a horribly conceived "feature" to let you
store form data - but it puts the form data in a file other than the PDF
document - it puts it under ~user/.kde/share/apps/okular/docdata.
Not only is this a stupidly implemented feature, it is a huge security
hole for those of us that do things like fill out tax forms.
When I fill out my tax form PDF, I fully expect that my data is going to
be saved within the PDF. So when I lock the PDF file inside of an
encrypted volume, my data is secure.
Imagine my surprise, to find all of my tax data floating out in
user/.kde/share/apps/okular/docdata/randomFileName.pdf.xml
Okular should have this "feature" immediately stripped from ubuntu to
protect Ubuntu's users from this poorly designed application.
** Affects: kdegraphics (Ubuntu)
Importance: Undecided
Status: Invalid
--
Bad data handling -> Security Hole
https://bugs.launchpad.net/bugs/521533
You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdegraphics in ubuntu.
More information about the kubuntu-bugs
mailing list