inode0 wrote:
On 2/12/07, John Summerfield <[EMAIL PROTECTED]> wrote:
Scott Bambrough wrote:
> The current automount behaviour is rather strict, but quite possibly
> valid for a server. Is this intended?
I'm sure it is; one of the things I don't want is autorun stuff being
autorun:-)
Surely having the exec option set in RHEL5 doesn't cause things to
autorun?! Doesn't that still require running autorun or something
similar?
exec is required for some aspects of autorun, but does not cause
autorun: one could cause a folder to open, for example. However, I don't
know how to enable autorun to allow folders to open without also
allowing exec, except for "mount -o noexec."
It does help though when you want to execute programs from the CD.
That doesn't seem like that unusual a situation. And it does appear to
be a change in behavior from earlier versions of RHEL. I'd like to
hear a reason for this sort of change too.
I prefer "having to work" to get to run stuff from the CD. It allows me
to make an informed decision.
What happens of there's a 'sploit involving image processing that
"allows the execution of arbitrary code with the authority of the user"
(it's happened) and I persuade you to mount a CD that exposes you to
that? Could I get your secrets - maybe banking details, ssh & other
cryptographic keys, a catalogue of your photo library?
Nah, I don't like autorun.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Please do not reply off-list
_______________________________________________
rhelv5-beta-list mailing list
rhelv5-beta-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-beta-list
