Security inside
Posted: Tue May 17, 2016 5:19 pm
I had a quick look inside the Linux system by sshing into it and I was a little surprised, to say the least.
- Files I wanted to restrict access to have 766 permissions (i.e. readable and writable to any running process)
- Apps are typically running as root or admin
This looks like security inside the system is basically nonexistent. Every process, every installed app can do everything, including erasing all data or the entire system. Either maliciously or through a bug.
I for one would like to see something like the Android security model where every app runs under its own user ID. Access to files should be explicitly allowed to apps, just like access to SMB shares can be permitted to users. This would prevent those nasty crypto trojans from taking over the entire NAS.
Can anyone clarify the situation (maybe I misunderstood something) or is anyone interested in changing this situation?
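
An added example, not part of the original post: a POSIX shell audit for the two observations listed above (files whose "other" write bit is set, as in mode 766, and processes running with effective UID 0). The function names and the `/share` path in the usage comment are assumptions, and it reads `/proc`, so it assumes Linux.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# world_writable DIR
# Print regular files under DIR that have the "other" write bit set.
# Mode 766 = rwx for owner, rw- for group, rw- for other, so it matches.
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# root_processes
# Print "PID NAME" for every process whose effective UID is 0.
# In /proc/PID/status the Uid line is: real, effective, saved, filesystem.
root_processes() {
    for status in /proc/[0-9]*/status; do
        pid=${status#/proc/}
        pid=${pid%/status}
        # A process may exit between the glob and the read; ignore that.
        awk -v pid="$pid" '
            /^Name:/ { name = $2 }
            /^Uid:/  { if ($3 == 0) print pid, name }
        ' "$status" 2>/dev/null || :
    done
    return 0
}

# audit DIR
# Report both findings with counts.
audit() {
    files=$(world_writable "$1")
    procs=$(root_processes)
    echo "== Files under $1 writable by any local account =="
    [ -n "$files" ] && echo "$files"
    echo "count: $(printf '%s' "$files" | grep -c .)"
    echo "== Processes with effective UID 0 =="
    [ -n "$procs" ] && echo "$procs"
    echo "count: $(printf '%s' "$procs" | grep -c .)"
    return 0
}

# Usage (the path is an assumption; point it at a data volume):
#   sh audit.sh /share
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Tightening what it reports (for example `chmod o-w` on a file, or running a service under a dedicated account) can break apps that rely on the current permissions, so test one change at a time.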