[conspire] Autorun in GNOME/Nautilus

Rick Moen rick at linuxmafia.com
Tue Sep 27 15:34:39 PDT 2011

Quoting Ruben Safir (ruben at mrbrklyn.com):

> My opensuse distro is defaulted to Gnome and I've never seen it start
> any application automatically from a thumbdrive or a disk.

Further reading, and going back and consulting the FDO spec, reveals
that I missed an important sentence.  So, I take back (and regret) that

   The desktop environment MUST prompt the user for confirmation before
   automatically starting an application. 

(I really don't entirely like 'Is it OK to run some executable you've 
never seen on a USB stick?' dialogues as a security solution, but must 
admit that it's miles away from merely enabling autorun on mount.)

Nick is correct that the thumbnailers (of which there are several in a
typical GNOME setup, not just the one in Nautilus) are the juicier
target.  Fortunately, I'm seeing signs that this is being recognised and
dealt with via AppArmor, position-independent executables (PIE),
software to use the No eXecute bit (PaX or Exec Shield), and address
space layout randomization (ASLR).  

