Shall we support the autorun feature?
John Richard Moser
nigelenki at comcast.net
Mon Jan 10 16:00:27 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Pitt wrote:
| Hi!
|
| nocturn [2005-01-04 6:15 -0500]:
|
|>I also favor disabling this. Some users may like this, but I see it
|>as a major security hole that a script gets executed without explicitly
|>calling it.
|>
|>If this is enabled by default, it will be easy to create malware that
|>executes something like rm -rf $HOME....
|
|
| To clarify this, this feature has never been enabled by default. You
| have to explicitly enable it in the gnome-volume-manager configuration
| dialog (System -> Settings -> Removeable media).
|
| The problem right now is that nothing really changes if you enable it;
| so _if_ we choose to not allowing to enable this feature, we should
| remove the option from the configuration dialog.
|
some users may want it; it's more prudent to grey out the option unless
media is present with the "noexec" option turned off. It would also be
interesting to make the option warn the user, and request their password
to sudo and fix fstab so that it'll work.
finally, should CDs really be noexec? quake3 installer, etc. . .
| Martin
|
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB4vr4hDd4aOud5P8RAlY+AJ4kGe7uANRu6xRW0R1qkrJyDds3bwCgkWaz
QQ/fPSvX/LmVys5TxBM2LJM=
=moTe
-----END PGP SIGNATURE-----
More information about the ubuntu-devel
mailing list