Page 1 of 1

Security inside

PostPosted: Tue May 17, 2016 5:19 pm
by asl
I had a quick look inside the Linux system by sshing into and I was a little surprised, to say the least.

  • Files I wanted to restrict access to have 766 permissions (i.e. readable and writable to any running process)
  • Apps are typically running as as root or admin

The developer documentation at developer.asustor.com actually recommends to set 766 world-writable permissions, so I assume that this is not an accident.

This looks like security inside the system is basically non existant. Every process, every installed app can do everything, including erasing all data or the entire system. Either maliciously or through a bug.

I for one would like to see something like the Android security model where every app runs under an own user id. Access to files should be explicitly allowed to apps, just like access to smb shares can be permitted to users. This would prevent those nasty crypto trojans from overtaking the entire NAS.

Can anyone clarify the situation (maybe I misunderstood something) or is anyone interested in changing this situation?

Re: Security inside

PostPosted: Sat May 23, 2020 2:29 pm
by core
asl wrote:...
This looks like security inside the system is basically non existant. Every process, every installed app can do everything, including erasing all data or the entire system. Either maliciously or through a bug.

I for one would like to see something like the Android security model where every app runs under an own user id. Access to files should be explicitly allowed to apps, just like access to smb shares can be permitted to users. This would prevent those nasty crypto trojans from overtaking the entire NAS.

Can anyone clarify the situation (maybe I misunderstood something) or is anyone interested in changing this situation?


I recently got my NAS. Have you noticed any improvement? The Docker based apps seem like they can offer more isolation.