Linux autorun vulnerabilities? [LWN.net]

Linux autorun vulnerabilities?

Posted Feb 10, 2011 18:46 UTC (Thu) by tetromino (subscriber, #33846)
In reply to: Linux autorun vulnerabilities? by rfunk
Parent article: Linux autorun vulnerabilities?

I think you have your terminology mixed up. Autorun means "automatically run an executable with a particular name located in the root directory of a piece of media when that media is mounted". Ubuntu does not do autorun by default. Instead, it pops up a dialog box that asks you what you want to do with a piece of newly mounted media, and if an autorun executable is present, then running that executable will be one of the possible choices.

The big problem is not with autorun, but with (a) the "auto open in Nautilus" that Ubuntu uses as the default action for newly mounted USB mass storage devices, and (b) the fact that when Nautilus opens a folder, it will automatically generate thumbnails for all the files in it, no matter whether the folder is /home/rfunk or /media/evil_exploit_filled_USB_flash_drive.

(Log in to post comments)

Linux autorun vulnerabilities?

Posted Feb 10, 2011 19:00 UTC (Thu) by rfunk (subscriber, #4054) [Link]

Yeah, I realize it's a slight tangent. I guess I consider automount a prerequisite for autorun, and I don't want either one to happen.

But thanks to your explanation about what Nautilus is doing, I was able to find the right gconf keys to flip in gconf-editor:
/apps/nautilus/preferences/media_automount
/apps/nautilus/preferences/media_automount_open
/apps/nautilus/preferences/media_autorun_never

Now I just wish I could keep Nautilus from even being triggered at all when media is inserted, unless I'm actually running GNOME.