Bug#781608: MATE should disable automounting when screen is locked
Kees Cook
kees at debian.org
Tue Mar 31 14:40:41 UTC 2015
Package: caja
Version: 1.8.2-3
Severity: normal
Tags: patch, security
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch
To avoid auto-run drive-by attacks by a physically proximate attacker on
the system from USB auto-mounting screen is locked, the desktop should
delay automounting until the screen is unlocked (to not interfere with
the case of sitting back down at your system, plugging in a device,
and then unlocking your screen).
This is similar to how gnome-keyring flushes all keys the when locking
the screen.
http://www.net-security.org/secworld.php?id=10544
This was fixed in Gnome upstream and in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/714958
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/724285
The attached patch likely needs the dbus names changed to, e.g.,
"org.mate.ScreenSaver".
Thanks!
-Kees
--
Kees Cook @debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17_disable_locked_automounting.patch
Type: text/x-diff
Size: 10010 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mate-team/attachments/20150331/0687a3d2/attachment.patch>
More information about the pkg-mate-team
mailing list