KDE global themes have malicious code

Be careful, since now there are global themes that wipe all files on the system after installation


A video on this by Brodie Robertson:

KDE Global Themes Are Inherently Unsafe

While it is a serious vulnerability, let’s not get hyperbolic. This didn’t “Wipe all files on system”; it wiped all the files in the user account’s $HOME.

I wouldn’t consider it hyperbolic… The irreplaceable files someone actively cares about all live in $HOME. Everything else on the root filesystem can be fixed with a reinstall.

(Someone may also have important files on a USB disk, NFS, etc. too — but most people don’t. Even still, those usually have permissions set in such a way that their own account has read+write access, so that’s even affected by things like rm -rf /* too.)

Basically, it can “wipe all files” on a system that actually matter to someone.


We’re just going to have to agree to disagree then. Labelling what has been determined to be an honest mistake in the code as “malicious code”, and then making the claim that it “wipes all files on system”, is patently untrue.

It’s a serious security and usability issue, but to label this incident as malicious, and to make the claim that it deleted stuff that it didn’t, is the very definition of hyperbolic.

KDE Upstream and the folks that run store.kde.org are hard at work on mitigations for this issue; it’s not just getting a shoulder shrug from the relevant parties.

