[Secure-testing-team] Disabling autorun by default
Yves-Alexis Perez
corsac at debian.org
Mon Feb 14 09:14:27 UTC 2011
On dim., 2011-02-13 at 23:18 -0500, Michael Gilbert wrote:
>
> So far, I've only checked xfce, and it has autorun enabled by default.
> If there is consensus that this would be a good thing, then I'll start
> submitting bugs. Not sure if it would be worth pushing this in a point
> update for the stable releases also?
Fwiw I've been considering a chance in xfce for a long time now. I've
made the change in pkg-xfce (for 4.8) already and proposed upstream
(http://bugzilla.xfce.org/show_bug.cgi?id=7261) to change the default
too (not only for security reasons, I find that annoying to have the
thunar window popped up when I plug an usb key).
In our svn
(http://svn.debian.org/wsvn/pkg-xfce/goodies/branches/experimental/thunar-volman/debian/thunar-volman.xml) I've disabled all the enabled-by-default features (so automount for drives and media, autobrowse and autorun) but that's open for discussion (at least for automount, I think the two others should be left disabled by default).
I don't think that warrants a DSA but it the RT wants a stable update
for that I can prepare it.
Regards,
--
Yves-Alexis
More information about the Secure-testing-team
mailing list