this post was submitted on 21 Mar 2024
521 points (97.3% liked)

linuxmemes

    [–] rtxn 113 points 9 months ago* (last edited 9 months ago) (3 children)

    For those not in the know: aussie man explains. A KDE Plasma 6 global theme deleted a user's files. Global themes may contain arbitrary JavaScript code, and a bug (using a library written for Plasma 5) caused it to essentially run rm -rf /*, Steam-style. KDE have since removed the theme and are considering next steps to warn the user that the "official" KDE store contains user-submitted content, and that some addons may contain potentially dangerous code.

    [–] [email protected] 38 points 9 months ago* (last edited 9 months ago) (2 children)

    I still remember that video I watched where a line in the Steam code back in the day was titled SCARY!!!!! and it was rm -rf $STEAMROOT. This nuked a guy's computer because, short answer, $STEAMROOT was actually / root; long answer, here's the video. This nuked both his PC and his external drive. That is some pretty bad code, but this JavaScript code is up there.

    [–] rtxn 41 points 9 months ago (1 children)

    That's the issue I linked. The problem was that at some point a script executed rm -rf "$STEAMROOT/*", but did not make sure that $STEAMROOT was set. If for some reason it was empty, the path became /* after substitution.
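
The failure mode described in the comment above, as an added shell example (not part of the thread and not Steam's or KDE's code): one function shows what the unguarded expansion targets, the other is a cleanup that refuses empty, relative or root paths. The function names `unguarded_target` and `safe_clean` are hypothetical.

```sh
#!/bin/sh
# Added example (constructed): the empty-variable expansion and a guarded cleanup.
# unguarded_target and safe_clean are hypothetical names.

# Show the pattern the unguarded command would act on. Nothing is deleted here.
unguarded_target() {
    printf '%s\n' "$1/*"
}

# Delete the contents of a directory only after the path passes every check.
safe_clean() {
    root=${1-}
    if [ -z "$root" ]; then
        echo "refusing: root is unset or empty" >&2
        return 1
    fi
    case $root in
        /*) ;;
        *) echo "refusing: not an absolute path: $root" >&2; return 1 ;;
    esac
    if [ ! -d "$root" ]; then
        echo "refusing: not a directory: $root" >&2
        return 1
    fi
    # Resolve symlinks and ".." so a path such as /usr/.. cannot collapse to "/".
    resolved=$(cd "$root" && pwd -P) || return 1
    if [ "$resolved" = "/" ]; then
        echo "refusing: resolves to /" >&2
        return 1
    fi
    # ${resolved:?} aborts the expansion if the variable is ever empty here.
    # The glob sits outside the quotes so the shell expands it (dotfiles are skipped).
    rm -rf -- "${resolved:?}"/*
}

# With STEAMROOT unset, this prints the pattern /* that the thread describes.
unguarded_target "${STEAMROOT-}"
```

Running scripts with `set -u` gives a similar stop for unset variables, but it does not catch a variable that is set to an empty string, which is why the explicit checks are kept.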

    [–] [email protected] 11 points 9 months ago

    So would it be funny if I made a meme like this except it was with the trojan horse meme template? I kinda want to

    [–] [email protected] 2 points 9 months ago (2 children)

    Is this affecting both Plasma 5 & 6 then?

    [–] rtxn 4 points 9 months ago

    It should only affect Plasma 6 because of some breaking change to how a JavaScript function returns a path.

    [–] [email protected] 4 points 9 months ago

    This particular issue was caused by a breaking change in Plasma 6 and bad handling in a specific global theme.

    The general security concerns that were being brought to light however apply to all versions.