[conspire] Autorun in GNOME/Nautilus
Nick Moffitt
nick at zork.net
Tue Sep 27 01:57:27 PDT 2011
Rick Moen:
> So, wait, I thought, did some idiot implement some bit of ignominous,
> obviously dangerous stupidity like autorunning programs upon mounting
> of volumes? A brief check of the YouTube clip suggests it's exactly
> the first people I'd suspect: Freedesktop.org / GNOME.
>
> http://standards.freedesktop.org/autostart-spec/autostart-spec-latest.html
>
> ...When a new medium is mounted and a) the medium does not contain
> an Autostart file or b) a policy to ignore Autostart files is in
> effect then the root directory of the medium should be checked for
> the following Autoopen files in order of precedence: .autoopen,
> autoopen . Only the first file that is present should be
> considered....
>
> Wow. Just wow. These jackasses want to replicate on Linux/BSD _all_
> the most infamous security blunders Microsoft committed in the 1980s
> and 1990s.
To be fair, the autostart brainworms described here are pretty
universally disabled on any major OS. I don't think this spec actually
drives anything right now. Distros have security teams with big hammers
that say "STOP WANTING THAT" in bas-relief on the sticky side, and they
wield them with force.
The autorun problem that *actually* exists is the image thumbnailer in
nautilus. If you can generate a file that can exploit the thumbnailer
somehow, you have a path toward executing arbitrary code. This is where
apparmor does true magic on Ubuntu, because the thumbnailer is basically
in the equivalent of a capabilities jail.
--
"It is not very unreasonable that the rich should
contribute to the public expense, not only in
proportion to their revenue, but something more than in
that proportion." -- Adam Smith, Wealth of Nations
More information about the conspire
mailing list