- cross-posted to:
- kde@lemmy.kde.social
- cross-posted to:
- kde@lemmy.kde.social
cross-posted from: https://lemmy.ml/post/13397700
Malicious KDE theme can wipe out all your data
Or is it just buggy?
except sandboxed, a theme should not have unrestricted user file system access.
Seems like a ~~blessing ~~ glaring kde bug, I mean how is it possible? Why a theme needs to be able to execute shell commands?
Themes are very powerful beings in KDE. they can install SDDM themes and scripts, they can set Kvantum themes, custom parameters for other parts of the system etc.
You can't really do that shit without scripting
I thought wayland was supposed to improve security. Were the past 18 years a lie?
wayland was not about avoiding applications accessing resources or running scripts (that is why sandboxing is for) but to avoid programs to have access to the rest of the graphical session (things like input devices and other graphical windows and their data)