Hey @Marc Deslauriers (mdeslaur) , I appreciate your reply, but please consider the following:
Reason #1: Having that pop-up screen easily allows to perform the execution of a software. Imagine, for example, a malicious person in a College or some other public place - quickly inserting a USB device to a briefly unattended laptop and quickly clicking "Run" on the warning dialog. These things may happen! I've witnessed students conspire to do that! Why would Ubuntu make it so easy for people to execute software automatically? Reason #2: In the security aspect, the default approach should be to avoid any execution of software, or at least make it more difficult. Automatic execution of software which is in a USB drive is considered a bad practice and is outdated. Reason #3 I think that most people don't use an automatic execution of software. Thus, why would Ubuntu even allow it to happen so easily? Any person who use automatic execution could configure the appropriate configs. But there is no reason for it to be allowed by default. --- Bottom line, we are in an era where all options for Removable Media should be "Do nothing" and the tickbox of "Never prompt or start programs on media insertion" should be ticked. The user has the option to change these configs. Preferably, only admin (verified with password) is allowed to change these configs. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1983778 Title: Major security issue in Ubuntu Desktop default config - Removable Media Status in gnome-control-center package in Ubuntu: Incomplete Bug description: There is a MAJOR SECURITY VULNERABILITY in Ubuntu Desktop since release 18.04 ! Recently I used Ubuntu 22.04 LTS and noticed that the issue still exist! I don’t know the reason for it, but default values for “Removable Media” are VERY Risky! It will automatically run the software which is attached to the removable media. Why? Why has Ubuntu still didn’t disable that option? The following is the default configuration (the “bad” configuration): https://imgur.com/XXXQlV2 The following is the configuration which Ubuntu should be having (it is the fix to the problem): https://imgur.com/a/0JeM6ve Please change the default configurations for Ubuntu! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1983778/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
