
List:       kde
Subject:    KFM - tricking users
From:       Paul <paul () boehm ! org>
Date:       1998-04-16 19:26:35

The following .kdelnk file may make users think it's actually a directory
and thus make them execute any command you want, especially dangerous
if root does user home directory maintenance with kfm and you call the file
HACKING_TOOLS.kdelnk! Most likely the naive sysadmin will click on it.

This is no real bug and I don't see any way to fix it without losing
functionality, just wanted to show it's possible.

------SNIP: sample_abuse.kdelnk------
# KDE Config File
[KDE Desktop Entry]
Comment=Sample KFM Abuse
Name=Sample KFM Abuse
Exec=put something incredibly evil here
Icon=folder.xpm
Type=Application
------SNIP---------------------------

bye,
    paul

-- 

         Paul S. Boehm         | "We all know Linux is great...
        paul@boehm.org         |  it does infinite loops in 5 seconds."
 Freelance Security Consulter  |     - Linus Torvalds
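
A defensive check for the pattern in the post above, added here as an example and not part of the original message: it flags entry files that run a command (Type=Application with an Exec line) while showing a folder icon. The "folder" substring heuristic, the function names and the extra "Desktop Entry" section name and .desktop suffix (the later freedesktop.org format) are assumptions of this example.

```python
import configparser
import os

FOLDER_ICON_HINTS = ("folder",)  # assumed heuristic for directory-like icons
SECTIONS = ("KDE Desktop Entry", "Desktop Entry")

# The sample file quoted in the post above.
SAMPLE_ABUSE = """\
# KDE Config File
[KDE Desktop Entry]
Comment=Sample KFM Abuse
Name=Sample KFM Abuse
Exec=put something incredibly evil here
Icon=folder.xpm
Type=Application
"""

def parse_entry(text):
    """Return the entry's keys as a dict, or None if it is not an entry file."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    parser.optionxform = str  # keep key case: Exec, Icon, Type
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    for section in SECTIONS:
        if parser.has_section(section):
            return dict(parser.items(section))
    return None

def is_folder_lookalike(text):
    """True if the entry executes a command but displays a folder icon."""
    entry = parse_entry(text)
    if not entry:
        return False
    icon = (entry.get("Icon") or "").rsplit("/", 1)[-1].lower()
    runs_command = (entry.get("Type") == "Application"
                    and (entry.get("Exec") or "").strip() != "")
    return runs_command and any(hint in icon for hint in FOLDER_ICON_HINTS)

def scan(root):
    """Yield paths of entry files under root that masquerade as folders."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".kdelnk", ".desktop")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if is_folder_lookalike(fh.read()):
                        yield path
```

Running scan() over user home directories before browsing them as root lists the files to inspect in a text viewer instead of clicking.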