Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Linux Kernel Exploit Busily Rooting 64-Bit Machines

Featured Replies

Not sure if this affects unRaid, but just in case...

 

http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines

 

(please delete post if irrelevant)

unRAID is not a 64 bit OS

 

AND

 

If you've logged on as "root" there is no privilege to escalate. You are already there.

 

unRAID is not secure.... not as distributed by lime-technology.  Just the opposite, it is wide open with no password needed for many of the default IDs, including "root"  (5.0beta2 is better though)

 

 

  • Author

By adding a root password fixes this mostly, correct?

By adding a root password fixes this mostly, correct?

The simple answer is no, it does not.   There are other un-passworded entries in almost all unRAID releases.  Once logged on, an escalation of permissions is easily accomplished.

 

I just took a look at 4.5.6. It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack.

 

Still think you are safe.  Tell you what, wait until the family is in the middle of watching a movie then log onto the server as "shutdown"   Now, still think you're safe (warning... the family may retaliate) .

  • Author

Hi Joe,

 

Is there any guides to better lock down unRaid? Even though I can write simple scripts compile my own libs for unRaid, I'm still noobish with all of it.

 

It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack.

How do you see these ID's? Can these be removed and just have root?

 

This means that my router is the only line of defense for me. Thanks for the loss of sleep now  :-[

 

 

security on unraid is terrible, don't expose it to untrusted networks is my advice.

This seems to have been patched in the Slackware 13.1 and 13.1+ distros. I'm not sure if the patches made it into the kernels released within the past week.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.