this post was submitted on 21 Mar 2024
521 points (97.3% liked)
linuxmemes
For those not in the know: aussie man explains. A KDE Plasma 6 global theme deleted a user's files. Global themes may contain arbitrary JavaScript code, and a bug (using a library written for Plasma 5) caused it to essentially run `rm -rf /*`, Steam-style. KDE have since removed the theme and are considering next steps to warn the user that the "official" KDE store contains user-submitted content, and that some addons may contain potentially dangerous code.

I still remember that video I watched where a line in the Steam code back in the day was titled SCARY!!!!! and it was rm -rf $STEAMROOT. This nuked a guy's computer because, short answer, $STEAMROOT was actually / root; long answer, here's the video. This nuked both his PC and his external drive. That is some pretty bad code, but this JavaScript code is up there.
That's the issue I linked. The problem was that at some point a script executed `rm -rf "$STEAMROOT/*"`, but did not make sure that `$STEAMROOT` was set. If for some reason it was empty, the path became `/*` after substitution.

So would it be funny if I made a meme like this except it was with the trojan horse meme template? I kinda want to
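The missing check described in the `$STEAMROOT` comment above, as an added example that is not part of the thread and not Steam's or KDE's code: a delete helper that refuses an empty, non-directory or `/`-resolving root before removing anything. `APP_ROOT`, `expanded_target` and `wipe_contents` are hypothetical names, and the scratch directory is constructed for the demo.

```shell
#!/bin/sh
# Added example; APP_ROOT, expanded_target and wipe_contents are hypothetical
# names, not taken from Steam's script or from any KDE theme.

# Return the string the shell builds for "$root/*", without running anything.
expanded_target() {
    printf '%s\n' "$1/*"
}

# Delete the contents of a directory only after validating the argument.
# Returns 0 on success, 2 when the argument is refused.
wipe_contents() {
    root=$1
    # Refuse unset or empty values: the check the thread says was missing.
    [ -n "$root" ] || { echo "refused: empty root" >&2; return 2; }
    # Refuse anything that is not an existing directory.
    [ -d "$root" ] || { echo "refused: not a directory: $root" >&2; return 2; }
    # Resolve symlinks and ".." so "/tmp/.." or a link to / cannot slip through.
    resolved=$(cd -P -- "$root" && pwd -P) || return 2
    [ "$resolved" != "/" ] || { echo "refused: resolves to /" >&2; return 2; }
    # ${resolved:?} makes the shell abort if the value is empty at this point.
    find "${resolved:?}" -mindepth 1 -delete
}

# Demo on a constructed scratch directory; no real data is touched.
demo_dir=$(mktemp -d)
touch "$demo_dir/a" "$demo_dir/.hidden"
unset APP_ROOT
echo "unguarded target with APP_ROOT unset: $(expanded_target "${APP_ROOT:-}")"
wipe_contents "${APP_ROOT:-}" || echo "guard returned $?"
wipe_contents "$demo_dir" && echo "scratch directory emptied"
rmdir "$demo_dir"
```

`set -u` stops a script on an unset variable but not on one set to the empty string, which is why the function tests for emptiness itself.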
Is this affecting both Plasma 5 & 6 then?
It should only affect Plasma 6 because of some breaking change to how a JavaScript function returns a path.
This particular issue was caused by a breaking change in Plasma 6 and bad handling in a specific global theme.
The general security concerns that were being brought to light however apply to all versions.