Automount security concerns?
Matthias Fuchs
mat69 at gmx.net
Fri Mar 11 17:35:45 GMT 2011
Hi,
I just watched a video [1] on exploiting autrun/generating of thumbnails/...
of data on usb sticks.
Yes this is specific to Gnome, though I wonder if that could be a problem in
KDE too, as is mentioned at the ending.
E.g. I don't know if strigi starts indexing files automatically on mounted
stuff.
Yes physical access is always bad. But imagine you are at a place where many
people are (and stealing the pc is no option). Just going to the toilet for a
short moment -- with the screen locked -- could make your computer cracked.
In general I think that nothing usb-stick/new hardware related should happen
if the screen is locked. And if really a usb-stick is connected to the pc
while locked, when a dialog should pop up -- which can only be accessed when
unlocking -- asking for further actions.
This way the risk is reduced and the user gets informed at the same time.
Now where should this happen? Probably in solid, so that nothing being in
general informed of new devices will be activated.
[1] http://www.youtube.com/watch?v=ovfYBa1EHm4
More information about the kde-core-devel
mailing list