- cross-posted to:
- kde@lemmy.kde.social
- cross-posted to:
- kde@lemmy.kde.social
cross-posted from: https://lemmy.ml/post/13397700
Malicious KDE theme can wipe out all your data
Or is it just buggy?
On the Reddit thread people, at least one of them tagged as a KDE dev, mentions that widgets NEED to be able to run arbitrary code. I am absolutely baffled by this.
Aren’t widgets pieces of software? Of course they have to run code. But they need to be isolated, or at the very least not have sudo access.
Seems like a ~~blessing ~~ glaring kde bug, I mean how is it possible? Why a theme needs to be able to execute shell commands?
Themes are very powerful beings in KDE. they can install SDDM themes and scripts, they can set Kvantum themes, custom parameters for other parts of the system etc.
You can’t really do that shit without scripting
I thought wayland was supposed to improve security. Were the past 18 years a lie?
Bro does not know what a display server does
They should be more specific. This is just false advertising.
Wayland isn’t a product. You’re gonna have to get your mind out of capitalism to understand the free software community.
>muh capitalism
Ok commie