List: kde
Subject: KFM - tricking users
From: Paul <paul () boehm ! org>
Date: 1998-04-16 19:26:35
The following .kdelnk file may make users think it's actually a directory
and thus make them execute any command you want, especially dangerous
if root does user home directory maintenance with kfm and you call the file
HACKING_TOOLS.kdelnk! Most likely the naive sysadmin will click on it.
This is no real bug and I don't see any way to fix it without losing
functionality, just wanted to show it's possible.
------SNIP: sample_abuse.kdelnk------
# KDE Config File
[KDE Desktop Entry]
Comment=Sample KFM Abuse
Name=Sample KFM Abuse
Exec=put something incredibly evil here
Icon=folder.xpm
Type=Application
------SNIP---------------------------
bye,
paul
--
Paul S. Boehm | "We all know Linux is great...
paul@boehm.org | it does infinite loops in 5 seconds."
Freelance Security Consulter | - Linus Torvalds
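
A defensive check for the trick described in the message, as an added example that is not part of the original post: it flags .kdelnk files whose entry is `Type=Application` with an `Exec` line but whose `Icon` name looks like a folder. The function names and the icon-name hints are assumptions made for this example, and the sample entries are constructed.

```python
import os

# Icon-name fragments treated as "looks like a directory". This list is an
# assumption for the example, not something KFM defines.
FOLDER_ICON_HINTS = ("folder", "directory")

def parse_kdelnk(text):
    """Return the key/value pairs of the [KDE Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[KDE Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def is_disguised_launcher(text):
    """True when an entry runs a command but displays a folder-style icon."""
    entry = parse_kdelnk(text)
    if entry.get("Type") != "Application" or not entry.get("Exec"):
        return False
    icon = os.path.basename(entry.get("Icon", "")).lower()
    return any(hint in icon for hint in FOLDER_ICON_HINTS)

def scan_tree(root):
    """Walk root and return the .kdelnk paths that look disguised."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".kdelnk"):
                path = os.path.join(dirpath, name)
                with open(path, errors="replace") as fh:
                    if is_disguised_launcher(fh.read()):
                        hits.append(path)
    return sorted(hits)

# Constructed samples: the shape of the entry above, and an ordinary launcher.
SAMPLE_ABUSE = ("# KDE Config File\n[KDE Desktop Entry]\nName=Sample KFM Abuse\n"
                "Exec=placeholder-command\nIcon=folder.xpm\nType=Application\n")
SAMPLE_BENIGN = ("# KDE Config File\n[KDE Desktop Entry]\nName=Terminal\n"
                 "Exec=xterm\nIcon=xterm.xpm\nType=Application\n")

if __name__ == "__main__":
    print(is_disguised_launcher(SAMPLE_ABUSE), is_disguised_launcher(SAMPLE_BENIGN))
```

Running `scan_tree` over user home directories before browsing them in a file manager lists the entries to inspect in a text editor instead of clicking.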