Automount security concerns?

Matthias Fuchs mat69 at
Fri Mar 11 17:35:45 GMT 2011


I just watched a video [1] on exploiting autrun/generating of thumbnails/... 
of data on usb sticks.
Yes this is specific to Gnome, though I wonder if that could be a problem in 
KDE too, as is mentioned at the ending.
E.g. I don't know if strigi starts indexing files automatically on mounted 

Yes physical access is always bad. But imagine you are at a place where many 
people are (and stealing the pc is no option). Just going to the toilet for a 
short moment -- with the screen locked -- could make your computer cracked.

In general I think that nothing usb-stick/new hardware related should happen 
if the screen is locked. And if really a usb-stick is connected to the pc 
while locked, when a dialog should pop up -- which can only be accessed when 
unlocking -- asking for further actions.
This way the risk is reduced and the user gets informed at the same time.

Now where should this happen? Probably in solid, so that nothing being in 
general informed of new devices will be activated.


More information about the kde-core-devel mailing list