On 02/07/2011 12:21 PM, kellyremo wrote:How to disable autorun? Are there any hidden autorun features on astandard Fedora install?? http://securitytube.net/USB-Autorun-attacks-against-Linux-at-Shmoocon-2011-video.aspxOpen any Nautilus window (e.g., PLACES -> COMPUTER) and then EDIT->PREFERENCES. Autorun is controlled on the MEDIA tab. Check "Never prompt or start programs on media insertion" or use the controls above to do a bit more fine tuning.
... and, as you can see, the "Autorun" feature, in Linux, is really nothing more than starting an application that's already installed on the system, when a specific kind of media gets inserted. This is way, way different than automatically running software from the inserted media when you pop it in. Not even in the same league, in terms of a security issue. And, furthermore, that article really talks about things like using inserted media to exploit existing bugs in system software. So, for example, if, theoretically, there's an exploitable bug in the jpeg library, and autorun is set to open a folder when media is inserted, then, theoretically, a carefully crafted jpeg file on the inserted media would make you vulnerable to getting automatically p0wned if the autorun automatically pops up a nautilus folder, which attempts to generate a thumbnail for the jpeg file, and exploiting the jpeg library vulnerability. Were that even so, this would not be an autorun exploit, but rather the jpeg library exploit, in the first place. So, there is no issue with the "autorun" feature, as implemented in Nautilus/Gnome.
Attachment:
pgpMj_EpDXaaC.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines