Shall we support the autorun feature?

Martin Alderson martinalderson at gmail.com
Tue Jan 4 08:37:13 CST 2005 

I'd suggest #3.

Why? Because it's vital things like this are done as 'across the
board' as possible. If not, we are going to see it splinter and
fragment, with commercial (off-the-shop-shelf) software only naming
those distributions that include this support as compatible.

It also improves the user experience by miles. Look at how hard it is
for the average user to install a game. On Windows it's insert the CD
and click next. On Linux it's open terminal, goto root, type some
cryptic command with symbols that users do not use normally, and hope
it works. This is not acceptable.

What I suggest is a confirmation dialog that pops up, asking if the
user wants to run the script (possibly word it as an installer program
or similar) or browse the files on the CD.

They are going to notice it because they have just done an action -
insert the CD - and will expect a reaction - some new thing to happen
- when they look up at the screen.

As for the security issue, please... what sort of issues could you get
from this? Someone mails you a CD in the post (like AOL) and you
insert it and get all of your files deleted? Don't think so. Or some
person in your office handing you a specially made CD to steal your
files? Again, it's highly unlikely. Look at Windows, this has been
implemented since at least '95 and I don't think there has been a
security issue ever arising from it. Maybe we should focus on the very
real issue of getting an easy to use update manager to patch systems,
preferably like SUS on Windows (having a server dedicated to approving
and deploying updates across an office network).

On Tue, 4 Jan 2005 11:36:47 +0100, Martin Pitt
<martin.pitt at canonical.com> wrote:
> Hi folks!
> 
> Bug #1956 deserves a public discussion, so let's do that here.
> 
> Gnome proper offers a so-called "autorun" feature for removable media.
> If enabled in gnome-volume-manager (disabled by default), g-v-m checks
> if a file "autorun" or "autorun.sh" is present and executable on newly
> mounted media. If so, the file is automatically executed.
> 
> However, since pmount mounts non-fstab drives with "noexec", this
> currently fails. So the question arises what we want to do with
> autorun in the future. I see the following options:
> 
> 1. Completely disable: pmount with noexec (as now), remove
>    the configuration option from gvm
> 2. enable: pmount with exec (should work automatically then)
> 3. enable with confirmation dialog: pmount with exec, change g-v-m to
>    confirm execution
> 
> I don't really like 3 because confirmation dialogs tend to get ignored
> and they do not tell you what exactly will be performed anyway. I
> doubt that many users would want to actually read the shell code (let
> alone analyze a binary) before executing it.
> 
> My personal preference is option 1.
> 
> It should be noted that our only use case so far - automatic Ubuntu CD
> upgrades - does not need this feature. This was solved by a hal script
> that checks whether an inserted CD is an Ubuntu one.
> 
> Any opinions about this?
> 
> Thanks,
> 
> Martin
> 
> --
> Martin Pitt                       http://www.piware.de
> Ubuntu Developer            http://www.ubuntulinux.org
> Debian GNU/Linux Developer       http://www.debian.org
> 
> 
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
> 
> 
> 
>

More information about the ubuntu-devel mailing list