Re: [squeeze] permission to upload thunar-volman
On Thu, 2011-03-03 at 21:10 +0100, Philipp Kern wrote:
> Yves-Alexis,
>
> am Fri, Feb 18, 2011 at 10:13:30PM +0100 hast du folgendes geschrieben:
> > would it be possible to make a stable upload, targeted at 6.0.1 or
> > 6.0.2, to disable default automount/autobrowse in thunar-volman?
> >
> > It's only a matter of shipping a config file, so the following diff
> > should do the trick:
> >
> > + * debian/thunar-volman.xml:
> > + - disable device automount/autorun/autobrowse by default
>
> > --- thunar-volman-0.3.80.orig/debian/thunar-volman.xml
> > +++ thunar-volman-0.3.80/debian/thunar-volman.xml
> > @@ -0,0 +1,16 @@
> > +<?xml version="1.0" encoding="UTF-8"?>
> > +
> > +<channel name="thunar-volman" version="1.0">
> > + <property name="automount-media" type="empty">
> > + <property name="enabled" type="bool" value="false"/>
> > + </property>
> > + <property name="automount-drives" type="empty">
> > + <property name="enabled" type="bool" value="false"/>
> > + </property>
> > + <property name="autobrowse" type="empty">
> > + <property name="enabled" type="bool" value="false"/>
> > + </property>
> > + <property name="autoopen" type="empty">
> > + <property name="enabled" type="bool" value="false"/>
> > + </property>
> > +</channel>
>
> I don't get this. You're talking about autorun but all you disable is
> autoopen. To recap: autorun checks for the presence of `.autorun',
> `autorun' and `autorun.sh', asks for a confirmation and runs the
> script. autoopen checks for `.autoopen' and asks for a confirmation
> to open the selected file.
This was the first patch, against 4.8 in experimental anyway.
The proposed config file for Squeeze is:
[Configuration]
AutomountDrives=FALSE
AutomountMedia=FALSE
Autorun=FALSE
Autoopen=FALSE
> Either both need to be disabled or none (given that there's a confirmation
> involved).
>
> But then I'm not at all convinced that we should do this change in stable.
> If it's a consensus to do it because of the security problems, then all DEs
> should get such changes (preferably by way of DSA so that's it's properly
> announced, it's a behaviour change after all). If it's not then why is
> only xfce doing it.
I don't know what other DEs are doing but as Xfce maintainer I'm not
comfortable about Xfce opening stuff and running stuff on removable
devices by default. At the very least, it find it annoying to have a
Thunar window popped up each time I plug an usb key.
>
> I see the point of vulnerable thumbnailers, of course. But then you have
> the same problem when browsing the web and someone exploiting your system.
> We need to fix those thumbnailers.
Yeah, definitely, the fix has to be in the thumbnailers but it's more
like a defense in depth stuff. If it can protect us in case there's an
vulnerability in a thumbnailer, it's good. Disabling automount means one
can't trigger a kernel module load for the fs on the key too, so in case
there's a vulnerability in a fs module, we can prevent that too.
> So that's a weak NACK at this point, sorry.
I'm not too strong about this, if you feel it'll be too disturbing for
users (not sure the consistency accross DEs really apply, but I can
understand it at least) then I won't push it :)
Regards,
--
Yves-Alexis
Reply to: