KDE Security Advisory: Arbitrary command execution in the removable device notifier

Chat about Linux in general
Post Reply

User avatar
catweazel
Level 14
Level 14
Posts: 5457
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: KDE Security Advisory: Arbitrary command execution in the removable device notifier

Post by catweazel » Mon Feb 12, 2018 6:19 pm

JoeFootball wrote:
Mon Feb 12, 2018 2:11 pm
Oops. :)
Really, I had to laugh at that.
A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. - Max Planck

User avatar
JoeFootball
Level 6
Level 6
Posts: 1310
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: KDE Security Advisory: Arbitrary command execution in the removable device notifier

Post by JoeFootball » Tue Feb 13, 2018 7:19 am

So theoretically, one could create a USB drive label containing a nefarious shell command, walk up to someone's KDE deployment, plug it in, and *poof*. Eeek.

Can drives mount if the session is locked? Hmmm...

Joe


Post Reply

Return to “Chat about Linux”