wisha@lemmy.ml to KDE@lemmy.kde.social · edit-28 months agoMalicious KDE theme can wipe out all your datalockwww.reddit.comexternal-linkmessage-square13fedilinkarrow-up180arrow-down15file-textcross-posted to: [email protected]
arrow-up175arrow-down1external-linkMalicious KDE theme can wipe out all your datalockwww.reddit.comwisha@lemmy.ml to KDE@lemmy.kde.social · edit-28 months agomessage-square13fedilinkfile-textcross-posted to: [email protected]
minus-squarePantherina@feddit.delinkfedilinkarrow-up3arrow-down1·8 months agoExtensions need to follow standards, and be installed as non-executable files in defined categories. Everything else has to be removed or behind a huge warning.
minus-squareBro666@lemmy.kde.socialMlinkfedilinkarrow-up6·8 months agoThat is not possible. widgets and Global themes have to be able to execute code to work. By the way: the code was not malicious, just badly written.
minus-squareBro666@lemmy.kde.socialMlinkfedilinkarrow-up3·8 months agoI think that is one of the questions being debated by the Plasma developers. You may have more luck getting a complete answer here: https://matrix.to/#/#plasma:kde.org
minus-squarePantherina@feddit.delinkfedilinkarrow-up1·8 months agoWhy do global themes need to do that? Arent they just color and image files, maybe audio? It doesnt really matter if the code was malicious or not, this should not be possible. Another example of how damn insecure linux is. Just because its not the snap store, we dont have tons of malicious addons on pling.
minus-squareKDE@floss.sociallinkfedilinkarrow-up10·8 months ago@Pantherina @Bro666 That is regular themes. _Global_ themes also modify the desktop’s behavior and hence contain code to do that.
Extensions need to follow standards, and be installed as non-executable files in defined categories.
Everything else has to be removed or behind a huge warning.
That is not possible. widgets and Global themes have to be able to execute code to work.
By the way: the code was not malicious, just badly written.
deleted by creator
I think that is one of the questions being debated by the Plasma developers. You may have more luck getting a complete answer here:
https://matrix.to/#/#plasma:kde.org
Why do global themes need to do that? Arent they just color and image files, maybe audio?
It doesnt really matter if the code was malicious or not, this should not be possible.
Another example of how damn insecure linux is. Just because its not the snap store, we dont have tons of malicious addons on pling.
@Pantherina @Bro666
That is regular themes.
_Global_ themes also modify the desktop’s behavior and hence contain code to do that.