Hey @Marc Deslauriers (mdeslaur) ,

I appreciate your reply, but please consider the following:

Reason #1:

Having that pop-up screen easily allows to perform the execution of a software.
Imagine, for example, a malicious person in a College or some other public 
place -  quickly inserting a USB device to a briefly unattended laptop and 
quickly clicking "Run" on the warning dialog.

These things may happen! I've witnessed students conspire to do that!

Why would Ubuntu make it so easy for people to execute software

Reason #2:

In the security aspect, the default approach should be to avoid any execution 
of software, or at least make it more difficult.
Automatic execution of software which is in a USB drive is considered a bad 
practice and is outdated.

Reason #3

I think that most people don't use an automatic execution of software.
Thus, why would Ubuntu even allow it to happen so easily?
Any person who use automatic execution could configure the appropriate configs.
But there is no reason for it to be allowed by default.


Bottom line, we are in an era where all options for Removable Media
should be "Do nothing" and the tickbox of "Never prompt or start
programs on media insertion" should be ticked.

The user has the option to change these configs.
Preferably, only admin (verified with password) is allowed to change these 

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.

  Major security issue in Ubuntu Desktop default config - Removable

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to