From: Perry Lorier <[EMAIL PROTECTED]> CC: [email protected] Subject: Re: RFC: Autostart spec, first draft Date: Sat, 09 Jul 2005 15:33:01 +1200
> Again, I ask; give us clear, obvious situations where this requirement > would stop an attack. I'm using a computer in a computer lab. I go to fetch a printout of my finished assignment, and lock my screen and leave for 5 minutes. Another student wants a copy of my assignment so they can cheat. They wander up to my locked PC and plug in their usb memory stick that contains an autorun that emails them my assignment. A) It shouldn't automatically run as me (because it's not my usb memory stick plugged in) B) It shouldn't run as me because the screensaver is locked which means I have implicitly said that any I/O from that session should be ignored until my password is entered. C) It shouldn't run off the FAT filesystem because the administrator has deliberately set filesystems that don't contain +x permission flags to not mount with files +x. D) It shouldn't run even if the filesystem does support execute permissions because the filesystem is mounted nosuid,noexec. I come back to my computer, there is no longer any usb devices plugged in, my computer is still locked and logged in as me, what evidence do I have that my assignment has been stolen?
Don't see how the -x thingy helps in this case.. Please find another one.
_______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
_________________________________________________________________ MSN Busca: fácil, rápido, direto ao ponto. http://search.msn.com.br _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
