- cross-posted to:
- kde
- cross-posted to:
- kde
cross-posted from: https://lemmy.ml/post/13397700
Malicious KDE theme can wipe out all your data
Or is it just buggy?
cross-posted from: https://lemmy.ml/post/13397700
Malicious KDE theme can wipe out all your data
Or is it just buggy?
I think the theme mentioned probably don’t have sudo access, just user access can do enough harm already.
I think rm command should refuse to remove overly-broad target (home, xdg dirs, media drives) without confirmation in the command line.
Ok, then a bad actor could enumerate all the subdirs and delete them one by one.
Even if going down this path would be a good solution, I don’t think this is
rm
’s job to do. This should be done byan antivirusa security suite. I think I have read that for the past few years the kernel now has a better API than inotify to get notified by file operations. I don’t remember it’s name, but I think it was even mentioned in the docs that security software is a use case of itThis is not a defense against bad actor, but defense against bugs in bash script, which is quite common. Another idea is to introduce a new trash command
xdg-trash
to replacerm
. But both of these cannot stop malicious actors removing your file.I think even if we have a security suite, it is unlikely to detect bad actor recursively enumerating the file and delete them one by one, until many files were irrversably lost.
Antivirus has never been a proper way to achieve security, I think the proper way to defend against offensive
rm
is probably sandboxing.