[gptalk] Re: Desktop Wallpaper Security Risk?

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 8 Jun 2007 10:54:35 -0700

There have certainly been exploits that have leveraged various image file
formats in the past, so theoretically this is possible. I'm not sure how
much of a risk it is in practice, but if you are very concerned about
security, I would err on the side of caution and simply disallow it. Or, at
the very least, provide a process where user background files must be
approved prior to use (lots of bureaucracy in that of course!).



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Des Flynn
Sent: Friday, June 08, 2007 10:50 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Desktop Wallpaper Security Risk?




As part of our secured desktops we use GPOs to lockdown the desktops and we
prevent users from changing their desktop wallpaper. This helps to ensure a
consistent look but the question often comes up "Is allowing users to change
their desktop background actually a security risk?"  


Users want the ability to customize at least this part of their work
environment. I'm just not sure what holes this might expose. Any thoughts?





 Des Flynn

 System Administrator

 ITS - User Services, Brock University

 St. Catharines, Ontario, Canada, L2S 3A1

 PH: 905 688-5550 x 4588



Confidentiality Notice: This e-mail, including any attachments, may contain
confidential or privileged information. If you are not the intended
recipient, please notify the sender by e-mail and immediately delete this
message and its contents. Thank you. 

Other related posts: