• @rtxnM
    113
    9 months ago

    For those not in the know: Aussie man explains. A KDE Plasma 6 global theme deleted a user’s files. Global themes may contain arbitrary JavaScript code, and a bug (using a library written for Plasma 5) caused it to essentially run rm -rf /*, Steam-style. KDE have since removed the theme and are considering next steps to warn the user that the “official” KDE store contains user-submitted content, and that some addons may contain potentially dangerous code.

    • @[email protected]OP
      38
      9 months ago

      I still remember that video I watched where a line in the Steam code back in the day was titled SCARY!!! and it was rm -rf $STEAMROOT. This nuked a guy’s computer because, short answer, $STEAMROOT was actually / (root); long answer, here’s the video. This nuked both his PC and his external drive. That is some pretty bad code, but this JavaScript code is up there.

      • @rtxnM
        41
        9 months ago

        That’s the issue I linked. The problem was that at some point a script executed rm -rf "$STEAMROOT/*", but did not make sure that $STEAMROOT was set. If for some reason it was empty, the path became /* after substitution.
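
The empty-variable expansion described in the comment above, next to a guarded cleanup, as an added example that is not part of the thread and is not Steam's or KDE's code. The function names `unguarded_target` and `guarded_clean` are hypothetical, and the demo works only inside a `mktemp` sandbox directory.

```shell
#!/bin/sh
# Added example. The unguarded form is only rendered as a string, never run.

# Returns the argument the unguarded pattern hands to rm for a given
# STEAMROOT value (constructed demonstration, not Steam's script).
unguarded_target() {
    STEAMROOT=$1
    printf '%s\n' "$STEAMROOT/*"
}

# Hypothetical hardened cleanup: empties a directory only after checking that
# the path is non-empty, absolute, an existing directory, and not the root.
guarded_clean() {
    root=${1:-}
    if [ -z "$root" ]; then
        echo "refusing: root is unset or empty" >&2; return 1
    fi
    case $root in
        /*) ;;
        *) echo "refusing: '$root' is not an absolute path" >&2; return 1 ;;
    esac
    # Resolve symlinks and ".." so a path like "/tmp/.." is seen as "/".
    resolved=$(cd -- "$root" 2>/dev/null && pwd -P) || {
        echo "refusing: '$root' is not a directory" >&2; return 1
    }
    if [ "$resolved" = "/" ]; then
        echo "refusing: '$root' resolves to /" >&2; return 1
    fi
    # ${var:?} aborts on an empty value: a last line of defence if the
    # checks above are ever edited out.
    rm -rf -- "${resolved:?}"/*
}

# Demo inside a throwaway sandbox directory.
sandbox=$(mktemp -d)
touch "$sandbox/a" "$sandbox/b"
echo "unguarded, STEAMROOT empty -> rm -rf $(unguarded_target '')"
guarded_clean "" || echo "guarded: empty value rejected"
guarded_clean "$sandbox" && echo "guarded: sandbox emptied"
rmdir "$sandbox"
```
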

        • @[email protected]OP
          11
          9 months ago

          So would it be funny if I made a meme like this except it was with the trojan horse meme template? I kinda want to

      • @rtxnM
        4
        9 months ago

        It should only affect Plasma 6 because of some breaking change to how a JavaScript function returns a path.

      • NekuSoul
        4
        9 months ago

        This particular issue was caused by a breaking change in Plasma 6 and bad handling in a specific global theme.

        The general security concerns that were being brought to light, however, apply to all versions.