The system's default desktop environment, GNOME3, uses
a number of different thumbnailer programs to generate thumbnails
for any new or modified content in an opened folder. To disable the
execution of these thumbnail applications, add or set disable-all
to true in /etc/dconf/db/local.d/00-security-settings.
For example:
[org/gnome/desktop/thumbnailers]
disable-all=true
Once the settings have been added, add a lock to
/etc/dconf/db/local.d/locks/00-security-settings-lock to prevent user modification.
For example:
/org/gnome/desktop/thumbnailers/disable-all
After the settings have been set, run dconf update.
This effectively prevents an attacker from gaining access to a
system through a flaw in GNOME3's Nautilus thumbnail creators.