Security inside


Postby asl » Tue May 17, 2016 5:19 pm

I had a quick look inside the Linux system by sshing into it and I was a little surprised, to say the least.

  • Files I wanted to restrict access to have 766 permissions (i.e. readable and writable to any running process)
  • Apps are typically running as root or admin

The developer documentation at developer.asustor.com actually recommends setting 766 world-writable permissions, so I assume that this is not an accident.

This looks like security inside the system is basically nonexistent. Every process, every installed app can do everything, including erasing all data or the entire system. Either maliciously or through a bug.

I for one would like to see something like the Android security model where every app runs under its own user ID. Access to files should be explicitly allowed to apps, just like access to SMB shares can be permitted to users. This would prevent those nasty crypto trojans from overtaking the entire NAS.

Can anyone clarify the situation (maybe I misunderstood something) or is anyone interested in changing this situation?
asl
 
Posts: 5
Joined: Tue May 17, 2016 4:37 pm
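
As an added example that is not part of the original post: a report-only audit for the world-writable files described above, plus an optional step that clears only the "other" write bit. The function names and the sample tree are constructed for illustration, and a `find` supporting `-perm`, `-xdev` and `-exec ... +` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for world-writable files.
# Mode 766 = rwxrw-rw-: the final "6" gives every local account write access.

# Print every regular file under DIR whose "other" write bit (0002) is set.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Print how many such files exist under DIR.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear only the "other" write bit (766 -> 764); owner and group bits are kept.
tighten_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# Build a small constructed sample tree and print its path (for trying this out).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/app"
    : > "$d/app/settings.conf"; chmod 766 "$d/app/settings.conf"
    : > "$d/app/data.db";       chmod 766 "$d/app/data.db"
    : > "$d/app/readme.txt";    chmod 644 "$d/app/readme.txt"
    echo "$d"
}

# Usage: sh audit.sh /path/to/check   (report only, changes nothing)
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
fi
```

Run the listing first and review it before calling `tighten_world_writable`, since an app that runs under a different account may rely on the write bit.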

Re: Security inside

Postby core » Sat May 23, 2020 2:29 pm

asl wrote:...
This looks like security inside the system is basically nonexistent. Every process, every installed app can do everything, including erasing all data or the entire system. Either maliciously or through a bug.

I for one would like to see something like the Android security model where every app runs under its own user ID. Access to files should be explicitly allowed to apps, just like access to SMB shares can be permitted to users. This would prevent those nasty crypto trojans from overtaking the entire NAS.

Can anyone clarify the situation (maybe I misunderstood something) or is anyone interested in changing this situation?


I recently got my NAS. Have you noticed any improvement? The Docker-based apps seem like they can offer more isolation.
AS6208T + AS6004U
core
 
Posts: 19
Joined: Sat May 16, 2020 5:12 am
