Malicious KDE theme can wipe out all your data

wisha@lemmy.ml · 8 months ago

Malicious KDE theme can wipe out all your data

maniel@lemmy.ml · edit-2 8 months ago

Seems like a ~~blessing ~~ glaring kde bug, I mean how is it possible? Why a theme needs to be able to execute shell commands?

AMDIsOurLord@lemmy.ml · 8 months ago

Themes are very powerful beings in KDE. they can install SDDM themes and scripts, they can set Kvantum themes, custom parameters for other parts of the system etc.

You can’t really do that shit without scripting

jherazob@beehaw.org · edit-2 8 months ago

On the Reddit thread people, at least one of them tagged as a KDE dev, mentions that widgets NEED to be able to run arbitrary code. I am absolutely baffled by this.

Michal@programming.dev · 8 months ago

Aren’t widgets pieces of software? Of course they have to run code. But they need to be isolated, or at the very least not have sudo access.

jaxil6@futurology.today · 8 months ago

I thought wayland was supposed to improve security. Were the past 18 years a lie?

ProgrammingSocks@pawb.social · 8 months ago

Bro does not know what a display server does

jaxil6@futurology.today · 8 months ago

They should be more specific. This is just false advertising.

ProgrammingSocks@pawb.social · edit-2 8 months ago

Wayland isn’t a product. You’re gonna have to get your mind out of capitalism to understand the free software community.

jaxil6@futurology.today · 8 months ago

>muh capitalism
Ok commie

Malicious KDE theme can wipe out all your data

Malicious KDE theme can wipe out all your data

Reddit - Dive into anything