LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux autorun vulnerabilities?

Linux autorun vulnerabilities?

Posted Feb 10, 2011 15:24 UTC (Thu) by rfunk (subscriber, #4054)
Parent article: Linux autorun vulnerabilities?

I'm unhappy that Ubuntu is now apparently auto-mounting new devices by default, let alone autorunning what's on there. I started noticing this after my 10.10 upgrade.

It's especially annoying since I'm running KDE and I get an obviously GNOME-based dialog box asking me what I want to do with the content found on the device. The most annoying part is also the part that makes it most obvious that it comes from GNOME, is that the only apps I'm offered to open the content are GNOME apps, ignoring my KDE (and other) apps.

(Log in to post comments)

Linux autorun vulnerabilities?

Posted Feb 10, 2011 18:46 UTC (Thu) by tetromino (subscriber, #33846) [Link]

I think you have your terminology mixed up. Autorun means "automatically run an executable with a particular name located in the root directory of a piece of media when that media is mounted". Ubuntu does not do autorun by default. Instead, it pops up a dialog box that asks you what you want to do with a piece of newly mounted media, and if an autorun executable is present, then running that executable will be one of the possible choices.

The big problem is not with autorun, but with (a) the "auto open in Nautilus" that Ubuntu uses as the default action for newly mounted USB mass storage devices, and (b) the fact that when Nautilus opens a folder, it will automatically generate thumbnails for all the files in it, no matter whether the folder is /home/rfunk or /media/evil_exploit_filled_USB_flash_drive.

Linux autorun vulnerabilities?

Posted Feb 10, 2011 19:00 UTC (Thu) by rfunk (subscriber, #4054) [Link]

Yeah, I realize it's a slight tangent. I guess I consider automount a prerequisite for autorun, and I don't want either one to happen.

But thanks to your explanation about what Nautilus is doing, I was able to find the right gconf keys to flip in gconf-editor:
/apps/nautilus/preferences/media_automount
/apps/nautilus/preferences/media_automount_open
/apps/nautilus/preferences/media_autorun_never

Now I just wish I could keep Nautilus from even being triggered at all when media is inserted, unless I'm actually running GNOME.

Ubuntu/KDE

Posted Feb 10, 2011 23:40 UTC (Thu) by ccurtis (guest, #49713) [Link]

How do you manage that? Did you start with GNOME and then install KDE later?

I've always run Kubuntu and in 10.10 I get a KDE tray popup that says I have two options for the device. I can click the button in the far right to mount it, or anywhere on the device label to display a dropdown of my two options.

My two options are [a] Download Photos with Gwenview (a KDE app) or [b] Open with File Manager, which opens Dolphin.

Ubuntu/KDE

Posted Feb 11, 2011 0:33 UTC (Fri) by rfunk (subscriber, #4054) [Link]

I normally install Kubuntu, then add the ubuntu-desktop metapackage -- as well as kde-full. I like to have everything available to me; I just don't want it all running at once. :-)

I get the KDE tray popup too; I just wish that were all I got.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds