Are dockers and plugins safe?



Hi all,

 

Are dockers and plugins safe to use?  Specifically I'm thinking about malware or security vulnerabilities.  What, beyond the benevolence of the repository maintainer, would stop someone from creating a rogue plugin or docker that effectively turns your unRAID box into a bitcoin miner (e.g.)?  Is there any sort of screening for the software in the default plugin/docker list that is enabled in Community Applications?

 

Am I being paranoid?

Link to comment

Well, as far as I know, the repos within Community Applications are all on GitHub and open source, so feel free to browse them and audit what is being installed yourself.  I know that at linuxserver.io we always publish the GitHub repo for each release so you can look at it, and we encourage you to put pull requests in if you think they're needed.

Link to comment

Safeguards are built into CA to allow its moderators to add comments and/or override any setting in the application's template, and additionally allow the moderators to immediately blacklist any application (and in more extreme cases an entire author / repository) should a concern like that pop up to prevent any further installations of the application.

 

Additionally, if you have already installed the app, and also have the Fix Common Problems plugin installed, then you would also receive a notification that whatever app you have installed has been blacklisted for such and such reasons (or has a moderator comment on it).

 

(The moderation system is also built to allow comments / blacklistings to be placed on any application found on Docker Hub, even if no unRAID repository contains that particular application.)

 

Additionally, CA automatically removes any embedded JavaScript from a template to prevent CA from becoming a vector for attacks.

Link to comment
