inode0 wrote:
On 2/13/07, John Summerfield <[EMAIL PROTECTED]> wrote:
inode0 wrote:
> On 2/12/07, John Summerfield <[EMAIL PROTECTED]> wrote:
>> Scott Bambrough wrote:
>> > The current automount behaviour is rather strict, but quite possibly
>> > valid for a server. Is this intended?
>>
>> I'm sure it is; one of the things I don't want is autorun stuff being
>> autorun:-)
>
> Surely having the exec option set in RHEL5 doesn't cause things to
> autorun?! Doesn't that still require running autorun or something
> similar?
exec is required for some aspects of autorun, but does not cause
autorun: one could cause a folder to open, for example. However, I don't
know how to enable autorun to allow folders to open without also
allowing exec, except for "mount -o noexec."
>
> It does help though when you want to execute programs from the CD.
> That doesn't seem like that unusual a situation. And it does appear to
> be a change in behavior from earlier versions of RHEL. I'd like to
> hear a reason for this sort of change too.
I prefer "having to work" to get to run stuff from the CD. It allows me
to make an informed decision.
What happens of there's a 'sploit involving image processing that
"allows the execution of arbitrary code with the authority of the user"
(it's happened) and I persuade you to mount a CD that exposes you to
that? Could I get your secrets - maybe banking details, ssh & other
cryptographic keys, a catalogue of your photo library?
If you are Xandros you probably will get sued. :)
Obviously, if I am going to install Xandros I trust them to put all
sorts of things on my system. If I don't, I have no business sticking
their CD into my drive and telling it to run anything.
My objection is to stuff being run before the user's decided it's a good
idea.
I'm also a Windows administrator. One can install Windows by running a
particular program that's on the install CD*.
I could construct a CD, it's no big deal, that when booted under
Windows, installs Windows. I've done it, it works a treat: in our case,
it installs off our LAN, and all it uses is the autorun feature.
I could use this feature to upgrade from Windows 9x/ME or from
NT/2000/XP/2003 Server to NT/2000/XP/2003 Server.
Probably, it wouldn't be too hard to create a disk that replaces Windows
with Linux just as automatically:-)
* You need to be an administrator for this to work, but lots of Windows
users are administrators. I just completed a Windows install on my
Thinkpad R40, and IBM's setup created the one user account I asked for,
as an administrator and without a password, and didn't set a password
for the Administrator account. Most users wouldn't know there was a problem.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Please do not reply off-list
_______________________________________________
rhelv5-beta-list mailing list
rhelv5-beta-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-beta-list
