113651 – running autorun.sh by default is a security risk

Bug 113651 - running autorun.sh by default is a security risk

Summary: running autorun.sh by default is a security risk

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	KDE (show other bugs)
Version:	Beta 3
Hardware:	Other All

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-28 16:11 UTC by Christian Boltz
Modified:	2005-09-07 08:03 UTC (History)
CC List:	0 users

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Boltz 2005-08-28 16:11:24 UTC

SUSEplugger has support for running autorun.sh when loading a CD or DVD. Maybe 
this is a nice feature, but it is also a security risk when loading a CD. 
 
The better solution would be to *not* enable it by default. If a user really 
wants this function, he can enable it himself.

Comment 1 Stephan Kulow 2005-08-28 18:09:57 UTC

did you try or did you just hear about it? Because it's supposed to ask the 
user not run it automaticall

Comment 2 Christian Boltz 2005-08-29 22:47:56 UTC

I saw it in the config dialog, but didn't test since I don't have a CD with a 
autorun.sh script. 
 
If, as you write, the user is asked before autorun.sh is run, feel free to 
close this bug ;-)

Comment 3 Dirk Mueller 2005-09-07 08:03:07 UTC

we think its fixed (beta4plus)