Harrywong Posted December 10, 2018 Share Posted December 10, 2018 Same as topic, thanks! Link to comment
trurl Posted December 10, 2018 Share Posted December 10, 2018 What plugin do you mean? Link to comment
Harrywong Posted December 10, 2018 Author Share Posted December 10, 2018 5 hours ago, trurl said: What plugin do you mean? Plugin in general, for example, if the plugin is sandboxed / have no API or permission to access user data. If accessing user data is possible, I will reduce the number of plugin I use to a bare minimal to reduce the risk. Link to comment
bonienl Posted December 10, 2018 Share Posted December 10, 2018 Most (all) plugins do not access the array, because they are used to expand GUI functionality. Applications which need to access the array are highly preferred to run as Docker container. Docker allows explicit access rules for protection. Link to comment
itimpi Posted December 10, 2018 Share Posted December 10, 2018 2 minutes ago, Harrywong said: Plugin in general, for example, if the plugin is sandboxed / have no API or permission to access user data. If accessing user data is possible, I will reduce the number of plugin I use to a bare minimal to reduce the risk. Plugins are NOT sandboxed in any way and often run with root privileges so in principle you should assume that they can access any data on the server. Plugins are also not stopped from installing components that can interfere with core UnRAID functionality. Therefore as a rule plugins are only advisable for adding additional system capability, not for running apps. if you want apps to be sandboxed then run them as docker containers. When run that way the app only has access to the paths you configure it to use and you can also control the type of access. Docker containers also have the advantage that they are less likely to ‘break’ when the system is upgraded as they are largely isolated from the underlying OS. Link to comment
Harrywong Posted December 10, 2018 Author Share Posted December 10, 2018 Thanks! Among all the plugins, the only one that I actually need is SSD trim (fstrim -v /mnt/cache/). I am personally concerned with the risk that my data could be exposed by a malicious plugin or some malicious code accidentally introduced during a plugin update. So I ended up removing all the plugins and set the SSD trim manually using crontab. Link to comment
bonienl Posted December 10, 2018 Share Posted December 10, 2018 Not sure which plugins you had installed before, but I don't think any plugin puts your system at risk. As the creator of the dynamix plugins, I am 100% sure these plugins are safe. Link to comment
Harrywong Posted December 10, 2018 Author Share Posted December 10, 2018 Thanks, dynamix plugins are great, thanks for creating them I guess I am just paranoid... Link to comment
pluginCop Posted December 10, 2018 Share Posted December 10, 2018 5 hours ago, Harrywong said: malicious plugin or some malicious code accidentally introduced during a plugin update. If that ever happened, the plugin would get immediately blacklisted, and if you have Fix Common Problems installed, it would let you know about it. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.