Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu User (http://www.linux-archive.org/ubuntu-user/)
-   -   create a boot-able disk from an iso file (http://www.linux-archive.org/ubuntu-user/476272-create-boot-able-disk-iso-file.html)

MR ZenWiz 01-13-2011 09:34 PM

create a boot-able disk from an iso file
 
On Thu, Jan 13, 2011 at 12:47 PM, Boggess Rod <rboggess@tenovacore.com> wrote:
>
> I don't claim to be an expert on this, but there are files called
> something like *.desktop? They behave similar to old windows PIF
> (Program Information Files) that allow GNOME (or KDE) to associate a
> file with an application. Here's where I read about it (though it hardly
> seems alarming): http://www.geekzone.co.nz/foobar/6229
>

As alarming as that article is, and it's a very good read - thank you,
that hole appears to have been plugged at least as of Maverick and
Gnome 2.32.

I tested this by copying bluetooth-applet.desktop from my
.config/autostart directory into a temporary that I planned to run as
a test and modified the shell line to do a simple echo command, then
deleted the "X-GNOME-Autostart-enabled=false" line and copied it to my
desktop, then double-clicked on it. I get a pop-up window that says
this:

Untrusted application launcher
The application launcher "test.desktop" has not been marked as
trusted. If you do not know the source of this file, launching it may
be unsafe.

Just for fun, I also did this with the bluetooth-applet.desktop, and
it got the same warning. To be on the thorough side, I also added
"X-GNOME-Autostart-enabled=true" to the end of my test file and it
still refuses to launch. Finally, I copied a launcher that I know
does get executed when I log in to a test launcher, modified it to do
something harmless, copied it to my desktop and blam - same error.

Still, I confess that I'm not at all clear how Gnome knows that these
launchers should not be trusted - there doesn't appear to be anything
in the file itself, nor in its (nautilus) properties, that so
indicates.

Conclusion: Keep your wits about and trust nothing when it comes to
possible exploits, but be aware of what does and does not work, too.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

"Boggess Rod" 01-14-2011 01:40 PM

create a boot-able disk from an iso file
 
>As alarming as that article is, and it's a very good read - thank you,
>that hole appears to have been plugged at least as of Maverick and
>Gnome 2.32.

Yea, I read that soon after I sent the article.
(http://www.algorithm-forge.com/techblog/2009/07/executable-application-
launcher/) It appears that the X-bit is being hijacked as a trust bit,
and it's not set by default. The first time you say to trust it, it
marks that bit and never asks again. Here's more discussion on the
topic:

http://lwn.net/Articles/320707/



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

MR ZenWiz 01-14-2011 06:34 PM

create a boot-able disk from an iso file
 
On Fri, Jan 14, 2011 at 6:40 AM, Boggess Rod <rboggess@tenovacore.com> wrote:
>
> Yea, I read that soon after I sent the article.
> (http://www.algorithm-forge.com/techblog/2009/07/executable-application-
> launcher/) It appears that the X-bit is being hijacked as a trust bit,
> and it's not set by default. The first time you say to trust it, it
> marks that bit and never asks again. Here's more discussion on the
> topic:
>
> http://lwn.net/Articles/320707/
>

I found it interesting that the first article suggests that /home be
mounted noexec. Wouldn't that completely cripple desktop icons? (Not
that this is a bad idea, but hmm....)

I routinely write and maintain a fair number of custom binaries and
shell scripts that I have, until now, kept in my ~/bin directory. If
I made /home noexec, I'd have to create another directory somewhere
for my customizations. It's not a big issue and the "security"
trade-off might make it worthwhile, but it strikes me as a pain.

For one thing, I have a semi-universal .bashrc (and corresponding
alias and function files) that I can transport to just about any Linux
or UNIX system (most recently even a MAC) and they just work, but one
of the tiny little dependencies is that I can use my $HOME/bin for all
the shell scripts or programs that I want to being along as well.

Oh, well, just one more tripping block in the whole security with
customizations area. Guess I'll need to create a custom "installer"
for my custom non-/home bin directory, not to mention a source
directory for the programs with a make file that puts them in the
right place, too, yada, yada, yada.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


All times are GMT. The time now is 02:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.