Yves-Alexis, on Fri, Feb 18, 2011 at 10:13:30PM +0100 you wrote the following:
> would it be possible to make a stable upload, targeted at 6.0.1 or
> 6.0.2, to disable default automount/autobrowse in thunar-volman?
>
> It's only a matter of shipping a config file, so the following diff
> should do the trick:
>
> + * debian/thunar-volman.xml: > + - disable device automount/autorun/autobrowse by default > --- thunar-volman-0.3.80.orig/debian/thunar-volman.xml > +++ thunar-volman-0.3.80/debian/thunar-volman.xml 
> @@ -0,0 +1,16 @@ > +<?xml version="1.0" encoding="UTF-8"?> > + > +<channel name="thunar-volman" version="1.0"> > + <property name="automount-media" type="empty"> > + <property name="enabled" type="bool" value="false"/> > + </property> > + <property name="automount-drives" type="empty"> > + <property name="enabled" type="bool" value="false"/> > + </property> > + <property name="autobrowse" type="empty"> > + <property name="enabled" type="bool" value="false"/> > + </property> > + <property name="autoopen" type="empty"> > + <property name="enabled" type="bool" value="false"/> > + </property> > +</channel>

I don't get this. You're talking about autorun but all you disable is autoopen.

To recap: autorun checks for the presence of `.autorun', `autorun' and `autorun.sh', asks for a confirmation and runs the script. autoopen checks for `.autoopen' and asks for a confirmation to open the selected file. Either both need to be disabled or none (given that there's a confirmation involved).

But then I'm not at all convinced that we should do this change in stable. If it's a consensus to do it because of the security problems, then all DEs should get such changes (preferably by way of DSA so that it's properly announced, it's a behaviour change after all). If it's not then why is only xfce doing it?

I see the point of vulnerable thumbnailers, of course. But then you have the same problem when browsing the web and someone exploiting your system. We need to fix those thumbnailers. (On shared NFS or CIFS mounts it'd still be exploitable.) And for wheezy look into the containment of those like Ubuntu does.

So that's a weak NACK at this point, sorry.

Kind regards
Philipp Kern
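Review bot: The changelog line says automount/autorun/autobrowse are disabled, but the added debian/thunar-volman.xml only sets enabled to false under automount-media, automount-drives, autobrowse and autoopen; none of the 16 added lines covers autorun. Either add an equivalent property block for the autorun setting or reword the changelog entry to name autoopen, so the shipped file and its description agree. A short XML comment stating that these are packaged defaults and why they are switched off would also help whoever reviews the stable upload.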
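As an added example (not part of the original message and not thunar-volman code), the following Python lists the trigger files named in the recap above at the root of a mounted volume, so the volume can be inspected before any auto-action is confirmed. The function names and the sample volume are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# File names taken from the recap in the message above.
AUTORUN_NAMES = (".autorun", "autorun", "autorun.sh")
AUTOOPEN_NAMES = (".autoopen",)


def find_triggers(mount_root):
    """Return sorted (feature, name, detail) tuples for trigger files in the volume root."""
    hits = []
    for feature, names in (("autorun", AUTORUN_NAMES), ("autoopen", AUTOOPEN_NAMES)):
        for name in names:
            path = os.path.join(mount_root, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink off the volume
            except FileNotFoundError:
                continue
            if stat.S_ISLNK(st.st_mode):
                detail = "symlink -> " + os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                detail = "regular file, %d bytes" % st.st_size
            else:
                detail = "not a regular file"
            hits.append((feature, name, detail))
    return sorted(hits)


def demo():
    """Build a constructed sample volume in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("autorun.sh", ".autoopen", "notes.txt"):
            with open(os.path.join(root, name), "w") as f:
                f.write("constructed sample\n")
        return find_triggers(root)


if __name__ == "__main__":
    for feature, name, detail in demo():
        print("%-8s %-12s %s" % (feature, name, detail))
```
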