F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)

Darryl L. Pierce dpierce at redhat.com
Mon Jul 11 20:56:56 UTC 2011


On Mon, Jul 11, 2011 at 04:19:31PM -0400, Deron Meranda wrote:
> For some reason, my Gnome 3 shell process has forked off an 'acroread'
> process which I did not start!
> 
> It appears to be attempting to install itself or do something in the
> background.  This is completely unacceptable, nothing should ever
> attempt to download and run some unauthenticated script and should
> never attempt to install anything without my explicit knowledge and
> permission!
> 
> I consider this to be a security breach and failure of the Fedora
> security policies to permit this.  In fact there should be a separate
> SELinux context for this commercial app just so it can't do anything
> to my system without my knowledge.
> 
> UID        PID  PPID  C STIME TTY          TIME CMD
> XXX       2509  2483  0 Jul10 ?        00:00:01 gnome-session
> XXX       2615  2509  1 Jul10 ?        00:12:04 /usr/bin/gnome-shell
> XXX      16717  2615  0 13:46 ?        00:00:08 acroread
> XXX      16769 16717 20 13:46 ?        00:29:25 /bin/sh /tmp/acrobat.n9vv0T/AdobeReader/INSTALL --lzma=/home/XXX
> XXX      7662 16769  0 15:40 ?        00:00:00 [INSTALL] <defunct>
> 
> Does the Gnome shell have some sort of auto-start or auto-update
> capability in it, that perhaps Adobe has surreptitiously hooked itself
> into? And how do I get it back out?

Yes, it does. Run gnome-session-properties and look at the list of
applications that will automatically load at session start.

> (The only reason I even have Adobe reader is because Evince can not
> fully handle the US IRS tax forms.)

What I'm failing to see is how this is a failing of Fedora. You
installed a non-Fedora package on your system (AdobeReader is not a part
of Fedora) and it is that non-Fedora package that appears to be doing
things in the background on your system. You can blame the distro for
compromising your system when you were the one who circumvented the
trusted packages list and installed something else.

-- 
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
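
The session-start list that gnome-session-properties shows can also be audited from a terminal by reading the XDG autostart `.desktop` files directly. The script below is an added example, not part of the original thread; the default directories (`~/.config/autostart` and `/etc/xdg/autostart`) are assumed and may differ if `XDG_CONFIG_DIRS` is customised.

```shell
#!/bin/sh
# Print one line per autostart entry: STATE<TAB>FILE<TAB>EXEC
# STATE is "disabled" when the entry sets Hidden=true or
# X-GNOME-Autostart-enabled=false, otherwise "enabled".

# desktop_key FILE KEY -> value of KEY inside the [Desktop Entry] group only
desktop_key() {
    awk -v key="$2" '
        /^\[/ { in_group = ($0 == "[Desktop Entry]"); next }
        in_group {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, eq + 1); sub(/^[ \t]+/, "", v)
                print v; exit
            }
        }' "$1"
}

# list_autostart [DIR...] -> entries; a file in an earlier directory
# overrides a file of the same name in a later one (user before system).
list_autostart() {
    # Assumed defaults when no directories are given.
    [ $# -gt 0 ] || set -- "${XDG_CONFIG_HOME:-$HOME/.config}/autostart" /etc/xdg/autostart
    seen=""
    for dir in "$@"; do
        for f in "$dir"/*.desktop; do
            [ -f "$f" ] || continue
            name=${f##*/}
            # "/" cannot occur in a file name, so it is a safe separator.
            case "/$seen/" in *"/$name/"*) continue ;; esac
            seen="$seen/$name"
            state=enabled
            if [ "$(desktop_key "$f" Hidden)" = "true" ]; then state=disabled; fi
            if [ "$(desktop_key "$f" X-GNOME-Autostart-enabled)" = "false" ]; then
                state=disabled
            fi
            printf '%s\t%s\t%s\n' "$state" "$f" "$(desktop_key "$f" Exec)"
        done
    done
}

list_autostart "$@"
```

Any `Exec` path in the output that points outside the distribution's packaged locations is worth checking with `rpm -qf` to see which package, if any, owns it.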
