**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 12:41 *

**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 12:41 *

hazelnot @hazelnot@sunbeam.city

Mar 20, 2024, 12:41 *

...wow turns out the "not safe" vibes I was getting from Pling/KDE Store were right, there's malware on there masquerading as themes cause nobody is checking them

Someone uploaded a "theme" that rm rf's every drive mounted with user permissions 💀

https://www.reddit.com/r/kde/comments/1bixmbx/do_not_install_global_themes_some_wipe_out_all/

**Sven Slootweg** @joepie91@pixie.town · 2024-03-20T13:17:51Z

Sven Slootweg @joepie91@pixie.town

@hazelnot Why on earth are theme packages allowed to execute arbitrary code to begin with?

Mar 20, 2024, 13:17 · · Web · · ·

**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 16:26 *

**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 16:26 *

Mar 20, 2024, 16:26 *

hazelnot @hazelnot@sunbeam.city

@joepie91 Apparently to allow them to copy themselves to the proper directories, cause there's no system to do that automatically

**Sven Slootweg** @joepie91@pixie.town · Mar 20, 2024, 17:36

**Sven Slootweg** @joepie91@pixie.town · Mar 20, 2024, 17:36

Mar 20, 2024, 17:36

Sven Slootweg @joepie91@pixie.town

@hazelnot This seems like the worst possible way to address that

**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 18:11

**hazelnot** @hazelnot@sunbeam.city · Mar 20, 2024, 18:11

Mar 20, 2024, 18:11

hazelnot @hazelnot@sunbeam.city

@joepie91 yes

Resources

Developers

What is Mastodon?

pixie.town

More…