Automount security concerns?

[Markus Slopianka]

I'm wondering if you took the time to actually try Plasma Desktop before posting that 
mail.
By default no drive is mounted automatically. Device Notifier just notifies that a new 
drive is present. Users have to click first (either in the Plasma popup or Dolphin's side 
bar) to mount the drive. To get automatic mounting, the user has to change settings first.
Because of this the gives attack case is of no concern.

Am Freitag 11 März 2011, 18:35:45 schrieb Matthias Fuchs:
> Hi,
> 
> I just watched a video [1] on exploiting autrun/generating of
> thumbnails/... of data on usb sticks.
> Yes this is specific to Gnome, though I wonder if that could be a problem
> in KDE too, as is mentioned at the ending.
> E.g. I don't know if strigi starts indexing files automatically on mounted
> stuff.
> 
> Yes physical access is always bad. But imagine you are at a place where
> many people are (and stealing the pc is no option). Just going to the
> toilet for a short moment -- with the screen locked -- could make your
> computer cracked.
> 
> In general I think that nothing usb-stick/new hardware related should
> happen if the screen is locked. And if really a usb-stick is connected to
> the pc while locked, when a dialog should pop up -- which can only be
> accessed when unlocking -- asking for further actions.
> This way the risk is reduced and the user gets informed at the same time.
> 
> Now where should this happen? Probably in solid, so that nothing being in
> general informed of new devices will be activated.
> 
> [1] http://www.youtube.com/watch?v=ovfYBa1EHm4