Malicious KDE theme can wipe out all your data

wisha@lemmy.ml · 4 months ago

Malicious KDE theme can wipe out all your data

BZzzz@jlai.lu · 4 months ago

*Malicious script inside everywhere can wipe out all your data

baseless_discourse@mander.xyz · edit-2 4 months ago

except sandboxed, a theme should not have unrestricted user file system access.

maniel@lemmy.ml · edit-2 4 months ago

Seems like a ~~blessing ~~ glaring kde bug, I mean how is it possible? Why a theme needs to be able to execute shell commands?

AMDIsOurLord@lemmy.ml · 4 months ago

Themes are very powerful beings in KDE. they can install SDDM themes and scripts, they can set Kvantum themes, custom parameters for other parts of the system etc.

You can't really do that shit without scripting

jaxil6@futurology.today · 4 months ago

I thought wayland was supposed to improve security. Were the past 18 years a lie?

machinya [it/its, fae/faer] · 4 months ago

wayland was not about avoiding applications accessing resources or running scripts (that is why sandboxing is for) but to avoid programs to have access to the rest of the graphical session (things like input devices and other graphical windows and their data)

Malicious KDE theme can wipe out all your data

Malicious KDE theme can wipe out all your data

Blocked