Ubuntu
gsettings-desktop-schemas package

Autorun files from Removable Media

Bug #1617620 reported by johnmne
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gsettings-desktop-schemas (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

Ubuntu 16 is still automatically executing software that resides in an external resource (removable media), such as USB or CD.

I don't need to tell you how bad this is..

---

You can see the default value that allows to autoplay / autorun files by doing the following steps:

1. In Ubuntu 16.04, go to Settings -> Details.
2. In the left pane choose "Removable Media".
3. On the right pane you'll see "Software", while the value in the drop-down menu is "Run Software".

---

A fix suggestion:
Instead of "Run Software", the default value should be "Do nothing".

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Interesting; I don't think I've ever seen this control panel page before. Mine has "Never prompt or start programs on media insertion" checked. I wonder if this is the default or not?

Thanks

information type: Private Security → Public Security
Emily Ratliff (emilyr)
affects: gnome-control-center (Ubuntu) → unity-settings-daemon (Ubuntu)
Changed in unity-settings-daemon (Ubuntu):
status: New → Confirmed
Emily Ratliff (emilyr)
affects: unity-settings-daemon (Ubuntu) → unity-control-center (Ubuntu)
Revision history for this message
johnmne (phi-reporter) wrote :

@Seth Arnold:

Yes, unfortunately that is the default value.
(I installed a fresh version of Ubuntu 16 that was downloaded directly from the website. Also I verified the checksum and it was valid.)

Sebastien Bacher (seb128)
Changed in unity-control-center (Ubuntu):
importance: Undecided → Low
Revision history for this message
Sebastien Bacher (seb128) wrote :

The key/default value comes from
https://git.gnome.org/browse/gsettings-desktop-schemas/tree/schemas/org.gnome.desktop.media-handling.gschema.xml.in#n19

Revision history for this message
johnmne (phi-reporter) wrote :

In addition to the fix suggestion that I wrote in my first post, please also have the checkbox of "Never prompt or start programs on media insertion" as checked (this should be the default).

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Hi,

To get the default changed, could you please file a bug with the upstream GNOME project here:

https://bugzilla.gnome.org/

Once you've filed the bug, please like the upstream bug to this one.

Thanks!

Marc Deslauriers (mdeslaur)
Changed in gsettings-desktop-schemas (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128)
Changed in gsettings-desktop-schemas (Ubuntu):
importance: Undecided → Low
Jeremy Bícha (jbicha)
Changed in gsettings-desktop-schemas (Ubuntu):
status: Confirmed → Fix Committed
no longer affects: unity-control-center (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gsettings-desktop-schemas - 45~rc-1ubuntu1

---------------
gsettings-desktop-schemas (45~rc-1ubuntu1) mantic; urgency=medium

  * Merge with Debian. Remaining changes:
    - Add ubuntu_lock-on-suspend.patch
    - Add dark-theme migration script using dh-migrations
  * Drop Breaks: ukwm because ukwm still runs but fails to build from source
    for unrelated reasons

gsettings-desktop-schemas (45~rc-1) unstable; urgency=medium

  * New upstream release
    - media-handling: Don't autostart software by default when media is inserted
      (LP: #1983778, LP: #1617620)
  * Add Breaks against packages that used dropped toggle-shaded
  * Drop obsolete Breaks

gsettings-desktop-schemas (44.0-2) unstable; urgency=medium

  * Update standards version to 4.6.2, no changes needed
  * Release to unstable

 -- Jeremy Bícha <email address hidden> Thu, 07 Sep 2023 13:24:00 -0400

Changed in gsettings-desktop-schemas (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.