Bug 6733 - User mounted Unix filesystems are mounted with execute permission (no noexec or user option)
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 2
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Funda Wang
QA Contact:
URL:
Whiteboard:
Keywords: Triaged
Depends on:
Blocks:
 
Reported: 2012-07-10 08:51 CEST by Buchan Milne
Modified: 2013-11-23 16:13 CET

See Also:
Source RPM: udisks2
CVE:
Status comment:


Description Buchan Milne 2012-07-10 08:51:51 CEST
Description of problem:
User mounted filesystems should by default be mounted with options preventing the execution of binaries, to avoid infection or execution of malware on possibly untrusted media (USB storage devices, storage cards such as SD etc.).

However, in Mageia (1 and 2), at least with KDE, execute permissions are available by default on user mounted filesystems.

I mounted my external USB hard drive from the KDE popup, and the mount options used were:
/dev/sdb1 on /media/smartdrive type ext3 (rw,nosuid,nodev,relatime,errors=continue,barrier=1,data=ordered)

A file marked as executable could be executed.

In the case of a vFAT filesystem, files could not be marked executable, but both the 'user' and 'noexec' mount options were not present.



Version-Release number of selected component (if applicable):
I've lost track of which component is responsible for user-mounting of filesystems with all the changes ...

How reproducible:
Always


Steps to Reproduce:
1. Format a removable storage device with a Unix filesystem (e.g. ext3)
2. Connect the storage device, and when the device notifier plasmoid pops up a dialog, choose to open in file manager
3. Verify the mount options do not include 'user' or 'noexec', and that an executable file can be executed
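
A check for the condition reported above, as an added example that is not part of the original report or of any Mageia or udisks2 code: it parses `mount`-style lines and lists removable-media mounts that lack `noexec`, `nosuid` or `nodev`. The function names, the `/media/` and `/run/media/` prefixes and the second and third sample lines are assumptions made for illustration; the first sample line is the mount quoted in the report.

```python
import re

# One line of `mount` output: "<device> on <mountpoint> type <fstype> (<options>)"
MOUNT_LINE = re.compile(
    r"^(?P<dev>\S+) on (?P<mnt>.+) type (?P<fs>\S+) \((?P<opts>[^)]*)\)"
)
# Options the report expects on untrusted removable media.
EXPECTED = ("noexec", "nosuid", "nodev")
# Assumption: directories under which desktop sessions mount removable media.
MEDIA_PREFIXES = ("/media/", "/run/media/")

# First line is the mount quoted in the report; the other two are constructed.
SAMPLE = """\
/dev/sdb1 on /media/smartdrive type ext3 (rw,nosuid,nodev,relatime,errors=continue,barrier=1,data=ordered)
/dev/sdc1 on /media/usbstick type vfat (rw,nosuid,nodev,noexec,relatime,uid=1000)
/dev/sda1 on / type ext4 (rw,relatime)
"""


def missing_options(line, prefixes=MEDIA_PREFIXES):
    """Return (mountpoint, fstype, missing) for a removable-media mount, else None."""
    m = MOUNT_LINE.match(line.strip())
    if m is None or not m["mnt"].startswith(prefixes):
        return None
    present = set(m["opts"].split(","))
    missing = [opt for opt in EXPECTED if opt not in present]
    return m["mnt"], m["fs"], missing


def audit(lines):
    """Return findings only for media mounts that lack an expected option."""
    findings = []
    for line in lines:
        result = missing_options(line)
        if result is not None and result[2]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for mnt, fs, missing in audit(SAMPLE.splitlines()):
        print(f"{mnt} ({fs}): missing {','.join(missing)}")
```

On a live system, feed `audit()` the lines printed by `mount` instead of `SAMPLE`.
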
Comment 1 Manuel Hiebel 2013-07-16 08:26:53 CEST
*** Bug 10776 has been marked as a duplicate of this bug. ***

CC: (none) => jan

Comment 2 Samuel Verschelde 2013-08-29 12:45:23 CEST
I was told it might be related to udisks2, assigning to its maintainer. Please assign back to default if I was wrong.

Keywords: (none) => Triaged
CC: (none) => stormi
Assignee: bugsquad => fundawang
Source RPM: (none) => udisks2

Comment 3 Manuel Hiebel 2013-10-22 12:10:23 CEST
This message is a reminder that Mageia 2 is nearing its end of life.
Approximately one month from now Mageia will stop maintaining and issuing updates for Mageia 2. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '2'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 2's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 2 is end of life.  If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

-- 
The Mageia Bugsquad
Comment 4 Manuel Hiebel 2013-11-23 16:13:52 CET
Mageia 2 changed to end-of-life (EOL) status on 22 November. Mageia 2 is no
longer maintained, which means that it will not receive any further security or
bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia
please feel free to click on "Version", change it against that version of Mageia
and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
The Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => OLD
