[gptalk] Re: Desktop Wallpaper Security Risk?

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 8 Jun 2007 10:54:35 -0700

There have certainly been exploits that have leveraged various image file
formats in the past, so theoretically this is possible. I'm not sure how
much of a risk it is in practice, but if you are very concerned about
security, I would err on the side of caution and simply disallow it. Or, at
the very least, provide a process where user background files must be
approved prior to use (lots of bureaucracy in that of course!).


Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Des Flynn
Sent: Friday, June 08, 2007 10:50 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Desktop Wallpaper Security Risk?

 

Hi:

 

As part of our secured desktops we use GPOs to lockdown the desktops and we
prevent users from changing their desktop wallpaper. This helps to ensure a
consistent look but the question often comes up "Is allowing users to change
their desktop background actually a security risk?"  

 

Users want the ability to customize at least this part of their work
environment. I'm just not sure what holes this might expose. Any thoughts?

 

Des

 

--------------------------------------------------

 Des Flynn

 System Administrator

 ITS - User Services, Brock University

 St. Catharines, Ontario, Canada, L2S 3A1

 PH: 905 688-5550 x 4588

--------------------------------------------------

 



Confidentiality Notice: This e-mail, including any attachments, may contain
confidential or privileged information. If you are not the intended
recipient, please notify the sender by e-mail and immediately delete this
message and its contents. Thank you. 

Other related posts: