September 20, 201015 yr Not sure if this affects unRaid, but just in case... http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines (please delete post if irrelevant)
September 20, 201015 yr Not sure if this affects unRaid, but just in case... http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines (please delete post if irrelevant) unRAID is not a 64 bit OS AND If you've logged on as "root" there is no privilege to escalate. You are already there. unRAID is not secure.... not as distributed by lime-technology. Just the opposite, it is wide open with no password needed for many of the default IDs, including "root" (5.0beta2 is better though)
September 20, 201015 yr By adding a root password fixes this mostly, correct? The simple answer is no, it does not. There are other un-passworded entries in almost all unRAID releases. Once logged on, an escalation of permissions is easily accomplished. I just took a look at 4.5.6. It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack. Still think you are safe. Tell you what, wait until the family is in the middle of watching a movie then log onto the server as "shutdown" Now, still think you're safe (warning... the family may retaliate) .
September 20, 201015 yr Author Hi Joe, Is there any guides to better lock down unRaid? Even though I can write simple scripts compile my own libs for unRaid, I'm still noobish with all of it. It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack. How do you see these ID's? Can these be removed and just have root? This means that my router is the only line of defense for me. Thanks for the loss of sleep now
September 23, 201015 yr security on unraid is terrible, don't expose it to untrusted networks is my advice.
September 23, 201015 yr This seems to have been patched in the Slackware 13.1 and 13.1+ distros. I'm not sure if the patches made it into the kernels released within the past week.
Archived
This topic is now archived and is closed to further replies.