Page 2 of 3
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 6:54 pm
by Stevo
The KDE store and "get hot new stuff" does have some warnings about it not being vetted, and that it does pose a risk, but...damn. Discover also updates stuff from the store once they are installed, along with system packages---use MX Updater if you want to be safer.
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 6:56 pm
by AVLinux
It's easy to say that KDE shouldn't have let this happen but like much of Linuxdom it's probably volunteer managed or store submission devs being run on a shoestring budget... on top of that why would they be expecting to find such a heinous exploit in a theme which are almost always provided by good-hearted Users with the best of intentions in their spare time. It shouldn't have happened but KDE isn't the bad guy here the author of the exploit is... It seems like the store got on top of it very quickly, sadly, people suck...
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 8:02 pm
by uncle mark
Stevo wrote: Mon Mar 25, 2024 11:51 am
Yes, MX KDE users will also be vulnerable.
Yet another example of why I appreciate having become old, dull, and boring. Defaults are almost always just fine with me.
"Themes? We don't need no steenking themes."
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 10:25 pm
by asqwerth
sunrat wrote: Wed Mar 27, 2024 5:44 pm
If that happens, one should just restore the system backup they made before installing potentially damaging software!
Everyone makes backups, don't they?
The article said every device mounted got wiped. SO if your backup or even timeshift device was mounted, it would have been wiped if they could be written to with user permissions.
So better make sure you have backups that are not normally mounted or even connected to your machine. And have more than 1, in separate backup devices, as Mauser said.
I don't use Discover to update or install KDE Store customisations. First thing I do for every MX-KDE install is to remove Discover from the notifications, and install/activate Synaptic and apt-notifier.
Once in a while I visit KDE Store and check the relevant pages [eg read the reviews, ensure any updates
for are for my plasma version].
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 11:23 pm
by Dennis-TW
asqwerth wrote: Wed Mar 27, 2024 10:25 pm
So better make sure you have backups that are not normally mounted or even connected to your machine.
In my opinion that is the pure definition of a backup.
In all other cases it is merely a copy of your data.
Many might roll their eyes when they read about the 3-2-1 backup method and its modern variant 3-2-1-1-0, but it still makes sense.
And while one can argue that an offsite backup via Cloud or remote location might be a overkill for the average home user, a physically separated backup device should be the norm.
Luckily it is so easy to accomplish with MX Linux!
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Wed Mar 27, 2024 11:40 pm
by Mauser
Dennis-TW wrote: Wed Mar 27, 2024 11:23 pm
asqwerth wrote: Wed Mar 27, 2024 10:25 pm
So better make sure you have backups that are not normally mounted or even connected to your machine.
In my opinion that is the pure definition of a backup.
In all other cases it is merely a copy of your data.
Many might roll their eyes when they read about the 3-2-1 backup method and its modern variant 3-2-1-1-0, but it still makes sense.
And while one can argue that an offsite backup via Cloud or remote location might be a overkill for the average home user, a physically separated backup device should be the norm.
Luckily it is so easy to accomplish with MX Linux!
I wouldn't trust anything on the Cloud. The Cloud is just someone else's computer that the Stasi can get to and so can ransom-ware. My backups are on two different hard-drives inside my computer case that both have full disk encryption that I only mount them when I back up to them and then immediately dismount them bought. No Stasi is going to get the information on them, no ransom ware is going to get them, no virus can touch them, no malware will mess them up, and no nothing will get them.
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Thu Mar 28, 2024 4:08 am
by operadude
uncle mark wrote: Wed Mar 27, 2024 8:02 pm
Stevo wrote: Mon Mar 25, 2024 11:51 am
Yes, MX KDE users will also be vulnerable.
Yet another example of why I appreciate having become old, dull, and boring. Defaults are almost always just fine with me.
"Themes? We don't need no steenking themes."
@uncle mark 
You are pure "TREASURE"
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Thu Mar 28, 2024 2:32 pm
by MikeR
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Thu Mar 28, 2024 2:56 pm
by siamhie
@MikeR That's a cross post from the initial post I mentioned here in post #3.
viewtopic.php?p=770308#p770308
Re: KDE theme wipes user's files using 'rm -rf'
Posted: Thu Mar 28, 2024 3:09 pm
by MadMax
KDE is a great DE, but stuff like this always reminds me why I stick with Xfce
