KDE theme wipes user's files using 'rm -rf'

For interesting topics. But remember this is a Linux Forum. Do not post offensive topics that are meant to cause trouble with other members or are derogatory towards people of different genders, race, color, minors (this includes nudity and sex), politics or religion. Let's try to keep peace among the community and for visitors.

No spam on this or any other forums please! If you post advertisements on these forums, your account may be deleted.

Do not copy and paste entire or even up to half of someone else's words or articles into posts. Post only a few sentences or a paragraph and make sure to include a link back to original words or article. Otherwise it's copyright infringement.

You can talk about other distros here, but no MX bashing. You can email the developers of MX if you just want to say you dislike or hate MX.
Post Reply
Message
Author
User avatar
Stevo
Developer
Posts: 14446
Joined: Fri Dec 15, 2006 7:07 pm

Re: KDE theme wipes user's files using 'rm -rf'

#11 Post by Stevo »

The KDE store and "get hot new stuff" does have some warnings about it not being vetted, and that it does pose a risk, but...damn. Discover also updates stuff from the store once they are installed, along with system packages---use MX Updater if you want to be safer.
MXPI = MX Package Installer
QSI = Quick System Info from menu
The MX Test repository is mostly backports; not the same as Debian testing
Top
User avatar
AVLinux
Posts: 2922
Joined: Wed Jul 15, 2020 1:15 am

Re: KDE theme wipes user's files using 'rm -rf'

#12 Post by AVLinux »

It's easy to say that KDE shouldn't have let this happen but like much of Linuxdom it's probably volunteer managed or store submission devs being run on a shoestring budget... on top of that why would they be expecting to find such a heinous exploit in a theme which are almost always provided by good-hearted Users with the best of intentions in their spare time. It shouldn't have happened but KDE isn't the bad guy here the author of the exploit is... It seems like the store got on top of it very quickly, sadly, people suck... :frown:
Top
User avatar
uncle mark
Posts: 851
Joined: Sat Nov 11, 2006 9:42 pm

Re: KDE theme wipes user's files using 'rm -rf'

#13 Post by uncle mark »

Stevo wrote: Mon Mar 25, 2024 11:51 am Yes, MX KDE users will also be vulnerable.

Yet another example of why I appreciate having become old, dull, and boring. Defaults are almost always just fine with me.

"Themes? We don't need no steenking themes."
Custom build Asus/AMD/nVidia circa 2011 -- MX 19.2 KDE
Acer Aspire 5250 -- MX 21 KDE
Toshiba Satellite C55 -- MX 18.3 Xfce
Assorted Junk -- assorted Linuxes
Top
User avatar
asqwerth
Developer
Posts: 7776
Joined: Sun May 27, 2007 5:37 am

Re: KDE theme wipes user's files using 'rm -rf'

#14 Post by asqwerth »

sunrat wrote: Wed Mar 27, 2024 5:44 pm If that happens, one should just restore the system backup they made before installing potentially damaging software! ;)
Everyone makes backups, don't they?
The article said every device mounted got wiped. SO if your backup or even timeshift device was mounted, it would have been wiped if they could be written to with user permissions.

So better make sure you have backups that are not normally mounted or even connected to your machine. And have more than 1, in separate backup devices, as Mauser said.

I don't use Discover to update or install KDE Store customisations. First thing I do for every MX-KDE install is to remove Discover from the notifications, and install/activate Synaptic and apt-notifier.

Once in a while I visit KDE Store and check the relevant pages [eg read the reviews, ensure any updates for are for my plasma version].
Last edited by asqwerth on Wed Mar 27, 2024 11:34 pm, edited 1 time in total.
Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400
Top
User avatar
Dennis-TW
Posts: 75
Joined: Tue Apr 09, 2019 6:59 am

Re: KDE theme wipes user's files using 'rm -rf'

#15 Post by Dennis-TW »

asqwerth wrote: Wed Mar 27, 2024 10:25 pm So better make sure you have backups that are not normally mounted or even connected to your machine.
In my opinion that is the pure definition of a backup.

In all other cases it is merely a copy of your data.

Many might roll their eyes when they read about the 3-2-1 backup method and its modern variant 3-2-1-1-0, but it still makes sense.

And while one can argue that an offsite backup via Cloud or remote location might be a overkill for the average home user, a physically separated backup device should be the norm.

Luckily it is so easy to accomplish with MX Linux!
Top
User avatar
Mauser
Posts: 1440
Joined: Mon Jun 27, 2016 7:32 pm

Re: KDE theme wipes user's files using 'rm -rf'

#16 Post by Mauser »

Dennis-TW wrote: Wed Mar 27, 2024 11:23 pm
asqwerth wrote: Wed Mar 27, 2024 10:25 pm So better make sure you have backups that are not normally mounted or even connected to your machine.
In my opinion that is the pure definition of a backup.

In all other cases it is merely a copy of your data.

Many might roll their eyes when they read about the 3-2-1 backup method and its modern variant 3-2-1-1-0, but it still makes sense.

And while one can argue that an offsite backup via Cloud or remote location might be a overkill for the average home user, a physically separated backup device should be the norm.

Luckily it is so easy to accomplish with MX Linux!
I wouldn't trust anything on the Cloud. The Cloud is just someone else's computer that the Stasi can get to and so can ransom-ware. My backups are on two different hard-drives inside my computer case that both have full disk encryption that I only mount them when I back up to them and then immediately dismount them bought. No Stasi is going to get the information on them, no ransom ware is going to get them, no virus can touch them, no malware will mess them up, and no nothing will get them.
I am command line illiterate. :confused: I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list. :mad:
Top
User avatar
operadude
Posts: 848
Joined: Tue Nov 05, 2019 12:08 am

Re: KDE theme wipes user's files using 'rm -rf'

#17 Post by operadude »

uncle mark wrote: Wed Mar 27, 2024 8:02 pm
Stevo wrote: Mon Mar 25, 2024 11:51 am Yes, MX KDE users will also be vulnerable.

Yet another example of why I appreciate having become old, dull, and boring. Defaults are almost always just fine with me.

"Themes? We don't need no steenking themes."
@uncle mark :number1:

You are pure "TREASURE" ;)
Top
User avatar
MikeR
Posts: 195
Joined: Sun Jun 25, 2023 6:42 am

Re: KDE theme wipes user's files using 'rm -rf'

#18 Post by MikeR »

fuller discussion on reddit:
https://www.reddit.com/r/kde/comments/1 ... e_out_all/
Old RSTS hack
Registered Linux user #542196
Top
User avatar
siamhie
Global Moderator
Posts: 3224
Joined: Fri Aug 20, 2021 5:45 pm

Re: KDE theme wipes user's files using 'rm -rf'

#19 Post by siamhie »

MikeR wrote: Thu Mar 28, 2024 2:32 pm fuller discussion on reddit:
https://www.reddit.com/r/kde/comments/1 ... e_out_all/

@MikeR That's a cross post from the initial post I mentioned here in post #3. viewtopic.php?p=770308#p770308
This is my Fluxbox . There are many others like it, but this one is mine. My Fluxbox is my best friend. It is my life.
I must master it as I must master my life. Without me, my Fluxbox is useless. Without my Fluxbox, I am useless.
Top
User avatar
MadMax
Posts: 483
Joined: Wed Aug 04, 2021 3:25 pm

Re: KDE theme wipes user's files using 'rm -rf'

#20 Post by MadMax »

KDE is a great DE, but stuff like this always reminds me why I stick with Xfce :ninja:
If it ain't broke, don't fix it.
Main: MX 23 | Second: Mint 22 | HTPC: Linux Lite 7 | VM Machine: Debian 12 | Testrig: Arch/FreeBSD 14 | Work: RHEL 8
Top
Post Reply

Return to “General”