- cross-posted to:
- linuxfurs@pawb.social
- kde@lemmy.kde.social
cross-posted from: https://lemmy.ml/post/13397700
Malicious KDE theme can wipe out all your data
Or is it just buggy?
BZzzz ( @MOUCHE_A_MERDE@jlai.lu ) 18•3 months ago*Malicious script inside everywhere can wipe out all your data
baseless_discourse ( @baseless_discourse@mander.xyz ) 4•3 months agoexcept sandboxed, a theme should not have unrestricted user file system access.
Pantherina ( @Pantherina@feddit.de ) 15•3 months agoA ton of extensions are executing scripts, but this is generally behind a warning.
This REALLY has to change guys, and for that the getnewstuff backend must become better.
For example Dolphin extensions are still downloaded to some random download location that is not actually used.
And the packaging of addons is extremely random too.
jherazob ( @jherazob@beehaw.org ) English13•3 months agoOn the Reddit thread people, at least one of them tagged as a KDE dev, mentions that widgets NEED to be able to run arbitrary code. I am absolutely baffled by this.
Michal ( @Michal@programming.dev ) 22•3 months agoAren’t widgets pieces of software? Of course they have to run code. But they need to be isolated, or at the very least not have sudo access.
MonkderZweite ( @MonkderZweite@feddit.ch ) 5•3 months agoThink of html+css, themes are supposed to be that kind of code who does nothing by itself.
Zamundaaa ( @Zamundaaa@discuss.tchncs.de ) English11•3 months agoWidgets aren’t themes. They’re things on your desktop that people are using for example for showing a folder - and if that can’t interact with the system, that widget’s functionality is broken.
Of course, that should not apply to install scripts or the like, which shouldn’t be a thing at all really. And it should be made a lot more obvious which downloadable things can execute code / which ones are “guaranteed” safe and which ones may not be.
baseless_discourse ( @baseless_discourse@mander.xyz ) 1•3 months agoI think the theme mentioned probably don’t have sudo access, just user access can do enough harm already.
I think rm command should refuse to remove overly-broad target (home, xdg dirs, media drives) without confirmation in the command line.
ReversalHatchery ( @ReversalHatchery@beehaw.org ) English1•3 months agoOk, then a bad actor could enumerate all the subdirs and delete them one by one.
Even if going down this path would be a good solution, I don’t think this is
rm
’s job to do. This should be done byan antivirusa security suite. I think I have read that for the past few years the kernel now has a better API than inotify to get notified by file operations. I don’t remember it’s name, but I think it was even mentioned in the docs that security software is a use case of it baseless_discourse ( @baseless_discourse@mander.xyz ) 2•3 months agoThis is not a defense against bad actor, but defense against bugs in bash script, which is quite common. Another idea is to introduce a new trash command
xdg-trash
to replacerm
. But both of these cannot stop malicious actors removing your file.I think even if we have a security suite, it is unlikely to detect bad actor recursively enumerating the file and delete them one by one, until many files were irrversably lost.
Antivirus has never been a proper way to achieve security, I think the proper way to defend against offensive
rm
is probably sandboxing.
𝒎𝒂𝒏𝒊𝒆𝒍 ( @maniel@lemmy.ml ) 12•3 months agoSeems like a ~~blessing ~~ glaring kde bug, I mean how is it possible? Why a theme needs to be able to execute shell commands?
ReversalHatchery ( @ReversalHatchery@beehaw.org ) English1•3 months agoBecause themes are not just skins, as I understand. Themes are a collection of a lot of different kinds of components, from color schemes and fonts to window decorations and to a custom interactive SDDM menu as the other commenter said.
katy ✨ ( @cupcakezealot@lemmy.blahaj.zone ) 5•3 months agoi can do that too with --no-preserve-root but you don’t see me bragging.
jaxil6 ( @jaxil6@futurology.today ) English2•3 months agoI thought wayland was supposed to improve security. Were the past 18 years a lie?
ProgrammingSocks ( @ProgrammingSocks@pawb.social ) 4•3 months agoBro does not know what a display server does
jaxil6 ( @jaxil6@futurology.today ) English1•3 months agoThey should be more specific. This is just false advertising.
baseless_discourse ( @baseless_discourse@mander.xyz ) 5•3 months agoUm, this is like saying full disk encryption is false advertising, because it doesn’t prevent people blowing up your apartment complex. LOL.
Sorry, dude, I cannot resist. No hate to you, we all need to start from somewhere.
ProgrammingSocks ( @ProgrammingSocks@pawb.social ) 1•3 months agoWayland isn’t a product. You’re gonna have to get your mind out of capitalism to understand the free software community.
jaxil6 ( @jaxil6@futurology.today ) English2•3 months ago>muh capitalism
Ok commie ProgrammingSocks ( @ProgrammingSocks@pawb.social ) 1•3 months agoYou’re literally on a communist instance of Lemmy.
Klara ( @boo_@lemmy.blahaj.zone ) 4•3 months agoThis is different from the Wayland security model, as Wayland restricts the ability for clients to modify and read from other clients arbitrarily. This is an extension to a Wayland compositor, and as all extensions do, it contains code which runs on your system. Any code, unless sandboxed, can access your filesystem no matter if it’s run under Wayland, X11, or no windowing system at all for that matter.
Zamundaaa ( @Zamundaaa@discuss.tchncs.de ) English3•3 months agoIt is not related to Wayland or the compositor in any way. This is a plasmashell extension.
Similar caveats do apply to KWin scripts and effects though
ReversalHatchery ( @ReversalHatchery@beehaw.org ) English1•3 months agoIt does, when the bad actor is a program you run, and other open windows contain sensitive content.
Here the bad actor is code being loaded as an extension to the compositor. A bit like a kernel module, which can bypass file access permissions if it wants.