Bug 113651

Summary: running autorun.sh by default is a security risk
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Christian Boltz <suse-beta>
Component: KDEAssignee: E-mail List <kde-maintainers>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Christian Boltz 2005-08-28 16:11:24 UTC 
SUSEplugger has support for running autorun.sh when loading a CD or DVD. Maybe 
this is a nice feature, but it is also a security risk when loading a CD. 
 
The better solution would be to *not* enable it by default. If a user really 
wants this function, he can enable it himself.
Comment 1 Stephan Kulow 2005-08-28 18:09:57 UTC 
did you try or did you just hear about it? Because it's supposed to ask the 
user not run it automaticall
Comment 2 Christian Boltz 2005-08-29 22:47:56 UTC 
I saw it in the config dialog, but didn't test since I don't have a CD with a 
autorun.sh script. 
 
If, as you write, the user is asked before autorun.sh is run, feel free to 
close this bug ;-)
Comment 3 Dirk Mueller 2005-09-07 08:03:07 UTC 
we think its fixed (beta4plus)