[conspire] Autorun in GNOME/Nautilus

Nick Moffitt nick at zork.net
Tue Sep 27 01:57:27 PDT 2011

Rick Moen:
> So, wait, I thought, did some idiot implement some bit of ignominous,
> obviously dangerous stupidity like autorunning programs upon mounting
> of volumes?  A brief check of the YouTube clip suggests it's exactly
> the first people I'd suspect:  Freedesktop.org / GNOME.
> http://standards.freedesktop.org/autostart-spec/autostart-spec-latest.html
>   ...When a new medium is mounted and a) the medium does not contain
>   an Autostart file or b) a policy to ignore Autostart files is in
>   effect then the root directory of the medium should be checked for
>   the following Autoopen files in order of precedence: .autoopen,
>   autoopen .  Only the first file that is present should be
>   considered....
> Wow.  Just wow.  These jackasses want to replicate on Linux/BSD _all_
> the most infamous security blunders Microsoft committed in the 1980s
> and 1990s.

To be fair, the autostart brainworms described here are pretty
universally disabled on any major OS.  I don't think this spec actually
drives anything right now.  Distros have security teams with big hammers
that say "STOP WANTING THAT" in bas-relief on the sticky side, and they
wield them with force.

The autorun problem that *actually* exists is the image thumbnailer in
nautilus.  If you can generate a file that can exploit the thumbnailer
somehow, you have a path toward executing arbitrary code.  This is where
apparmor does true magic on Ubuntu, because the thumbnailer is basically
in the equivalent of a capabilities jail.

"It is not very unreasonable that the rich should
contribute to the public expense, not only in
proportion to their revenue, but something more than in
that proportion." -- Adam Smith, Wealth of Nations

More information about the conspire mailing list