Posted: . At: 12:41 PM. This was 1 month ago. Post ID: 19397
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


Installation of a KDE theme wiped a user`s data.

by

A KDE plasmoid is installed as part of a global theme for KDE Plasma 6. This certain Plasmoid wiped all data from a user`s machine. It was using rm -rf in a malformed way. This was supposed to erase parts of the Plasmoid, but wiped all data on the system instead. Global themes are a massive security risk on Linux. This is why running KDE is a risk in 2024. Better to use Xfce 4 or MATE. The com.pajuelo.plasmaConfSaver/contents/scripts/save.sh file contains this code.

configPath=$1
configFolder=$2
dataPath=$3
 
mkdir "$configPath/plasmaConfSaver/"
rm -Rf "$configFolder"
mkdir "$configFolder"
 
# screenshot
spectacle -b -n -o "$configFolder/screenshot.png"
#scrot "$configFolder/screenshot.png"
 
# plasma config files
cp "$configPath/plasma-org.kde.plasma.desktop-appletsrc" "$configFolder/plasma-org.kde.plasma.desktop-appletsrc"
cp "$configPath/plasmarc" "$configFolder/plasmarc"
cp "$configPath/plasmashellrc" "$configFolder/plasmashellrc"
cp "$configPath/kdeglobals" "$configFolder/kdeglobals"
 
#kwin
cp "$configPath/kwinrc" "$configFolder/kwinrc"
cp "$configPath/kwinrulesrc" "$configFolder/kwinrulesrc"
 
#latte-dock config files
cp "$configPath/lattedockrc" "$configFolder/lattedockrc"
cp -r "$configPath/latte" "$configFolder/latte"
 
#dolphin config
cp "$configPath/dolphinrc" "$configFolder/dolphinrc"
#config session desktop
cp "$configPath/ksmserverrc" "$configFolder/ksmserverrc"
#config input devices
cp "$configPath/kcminputrc" "$configFolder/kcminputrc"
#shortcuts
cp "$configPath/kglobalshortcutsrc" "$configFolder/kglobalshortcutsrc"
#klipper config
cp "$configPath/klipperrc" "$configFolder/klipperrc"
#konsole config
cp "$configPath/konsolerc" "$configFolder/konsolerc"
#kscreenlocker config
cp "$configPath/kscreenlockerrc" "$configFolder/kscreenlockerrc"
#krunner config
cp "$configPath/krunnerrc" "$configFolder/krunnerrc"
#kvantum theme
cp -r "$configPath/Kvantum" "$configFolder/Kvantum"
 
#autostart
cp -r "$configPath/autostart" "$configFolder/autostart"
 
#plasma themes and widgets
cp -r "$dataPath/plasma" "$configFolder/plasma"
 
#wallpapers
cp -r "$dataPath/wallpapers" "$configFolder/wallpapers"
 
 
 
#icons
cp -r "$dataPath/icons" "$configFolder/icons"
 
#color-schemes
cp -r "$dataPath/color-schemes" "$configFolder/color-schemes"
 
#fonts
cp -r "$dataPath/kfontinst" "$configFolder/kfontinst"
#fonts dpi
cp "$configPath/kcmfonts" "$configFolder/kcmfonts"
 
#if latte-dock was running when we saved then create a flag file for running it on restore
if pgrep -x latte-dock > /dev/null
then
    touch "$configFolder/latterun"
fi

Maybe the $2 parameter to the script is wrong and it passed a directory / instead. But this should not happen. There should be an elegant way to remove a Plasmoid without rm -rf. But this does need to be fixed. This is not a good look for any Linux desktop, you would think someone would package the Plasmoid and you could use the package manager to install and remove it. This would prevent the need to use a dodgy installation script. That does not make KDE trustworthy as a desktop environment and this does not help KDE in general. Find the Plasmoid source here to look for yourself.

https://github.com/paju1986/PlasmaConfSaver.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.