[CentOS] Good Centos Security Advice & Gnome Thumbnails

Sat Jun 25 01:18:08 UTC 2011
Always Learning <centos at u6.u22.net>

Browsing the net for one thing unexpectedly brought me to two good and
useful documents:

(1) Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
Revision 4.1
February 28, 2011


(2) Hardening Red Hat Enterprise Linux 5
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf
Updated 12 August 2010

Gnome Thumbnail system is mentioned in (1) as dangerous. As many
Centos/Red Hat installations use it, here is a brief extract from page
30.


2.2.2.6
Disable All GNOME Thumbnailers if Possible

The system’s default desktop environment, GNOME, uses a number of
different thumbnailer programs to generate thumbnails for any new or
modified content in an opened folder.

Execute the following command to prevent the thumbnailers from
automatically creating thumbnails for new or modified folder contents:

gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type bool \
--set /desktop/gnome/thumbnailers/disable_all true

This effectively prevents an attacker from gaining access to a system
through a flaw in GNOME’s Nautilus thumbnail creators.

------

I hate the thumbnailers, particularly as I have over 12,000 photographs
on one machine and thousands more to be added. Eye of Gnome just ignores
the 'thumbnail' off setting in Gnome.

-- 

With best regards,

Paul.
England,
EU.