From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

When you start up KDE 1 in Red Hat 7, the autostart folder contains an autorun script to run autorun, but only if there is not already one running. However, KDE appears to be failing to kill this process upon exiting KDE. This causes an autorun process to be left over. Because this process is left over, when a second user logs in, their "personal" autorun will not start. However, if they put in a CD-ROM, it will still autorun, or attempt to, but with the first user's permissions. Because most autorun scripts invoke an X command, and the X server is not allowing any unauthorized connections, this only shows up as "nothing" (no application pops up, but the CD is still mounted). However, if one executes an "xhost + localhost" before inserting a CD, any applications (X or otherwise) will run from the autorun script, _with the permissions of the first user_, not the second user. I tested this with a CD that had a /autorun that just ran an xterm.

Reproducible: Always

Steps to Reproduce:
1. Check to make sure there are no autorun processes running and enter in as a user into KDE. Then exit from KDE. A ctrl-alt-f1 will confirm an autorun is still running.
2. Log in as any other user into KDE. Do an xhost + localhost. I only did this so I could see an xterm.
3. Insert the CD... up comes your /autorun, with permissions of the first user. You would have to disable exe off the CD to prevent this, which pretty much destroys the point of autorun.

Actual Results: Since my /autorun on the CD just ran /usr/X11/bin/xterm, I got a root permission'd xterm (the autorun was running as root).

Expected Results: The autorun should have died when I exited KDE the first time.

This was on Red Hat 7, running all the latest updates as of Feb 8.
I know, because autorun is a command line tool and doesn't know about KDE... I should find a way to cope with that..
fixed in autorun-2.63
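
A check for the condition the report describes, an autorun process that outlived the session that started it, written as an added example that is not part of autorun, KDE or this bug's fix. The function name `stale_autorun` and the sample process list are constructed for illustration; the process name `autorun` is taken from the report, and owners are compared by numeric UID because `ps` can truncate long user names.

```shell
#!/bin/sh
# Added example, not part of autorun or KDE.
# Flags autorun processes left over from an earlier session by comparing
# each process owner with the user who is logged in now.

# stale_autorun UID
# Reads "PID UID COMMAND" lines on stdin and prints "PID UID" for every
# process named autorun that is not owned by UID.
# Returns 1 when at least one such process was found, otherwise 0.
stale_autorun() {
    awk -v me="$1" '
        $3 == "autorun" && $2 != me { print $1, $2; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: root's autorun (PID 812) survived root's KDE session,
# and the user with UID 501 is now logged in.
SAMPLE_PS='  812     0 autorun
  955   501 kdeinit
 1020   501 xterm'

# Runs the check over the constructed sample from the point of view of UID 501.
sample_report() {
    printf '%s\n' "$SAMPLE_PS" | stale_autorun 501
}

# Live check against the running system: sh this-script --live
# Separate -o options keep the column parsing unambiguous in procps.
if [ "${1:-}" = "--live" ]; then
    ps -e -o pid= -o uid= -o comm= | stale_autorun "$(id -u)" ||
        echo "autorun left over from another user's session" >&2
fi
```

Run at session start, a non-empty result means a mounted CD's /autorun would execute under the listed UID rather than the current user's.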