In the CD-ROM case (bug #353548), the workaround/fix for this is to add "mode=0444" to the following gconf key:
/system/storage/default_options/iso9660/mount_options
This results in all files on CD-ROMs being mounted without the executable flag set, unless the CD-ROM has Rock-Ridge extensions that specify the permissions. Note that this will not prevent explicitly executing scripts on the disc via an interpreter.
In my opinion, this setting and the similar ones for vfat/ntfs mentioned above should be the default. I cannot think of any use-cases where someone would want to directly execute files from an external drive or CD-ROM.
In the CD-ROM case (bug #353548), the workaround/fix for this is to add "mode=0444" to the following gconf key: storage/ default_ options/ iso9660/ mount_options
/system/
This results in all files on CD-ROMs being mounted without the executable flag set, unless the CD-ROM has Rock-Ridge extensions that specify the permissions. Note that this will not prevent explicitly executing scripts on the disc via an interpreter.
In my opinion, this setting and the similar ones for vfat/ntfs mentioned above should be the default. I cannot think of any use-cases where someone would want to directly execute files from an external drive or CD-ROM.