Flash security problem


squashem

I created a new share and enabled SMB for that share. It is set to be private. Not available to guests. Only one person has R/W access.

Then from my Mac, I tried accessing the share over SMB.

I'm able to access my share. But I am also able to access the flash usb drive on the UnRaid box. Isn't that a major security issue?

As you can see from the screenshots in the attachments, the flash folder and its contents are visible even though the only share being accessed is at `smb://192.168.0.103/Kpmemory`

I don't have this problem on my Ubuntu box though.

Why is this happening only on the Mac? Can you guys help me to close this security hole? Or is this not possible?

flash.png

inside_flash.png

Link to comment
4 hours ago, Squid said:

Have you changed the SMB permissions for the flash drive?  Click on Flash from the Main Tab (Boot Device) and you can set it as you wish.

Oh. I never knew the flash had share settings and that they can be changed. But thanks for pointing that out.

In any case, why would the flash usb drive be exported as an SMB share by default? I've had UnRaid for about 18 days now. I noticed that that flash drive was being exported on a Mac 2 days in. But didn't think much of it then, cos I was trying to set up other things on the UnRaid box.

Noticed it again today and I knew it had to be fixed.

Link to comment
1 hour ago, squashem said:

<<<  snip  >>>

In any case, why would the flash usb drive be exported as an SMB share by default? I've had UnRaid for about 18 days now. I noticed that that flash drive was being exported on a Mac 2 days in. But didn't think much of it then, cos I was trying to set up other things on the UnRaid box.

Probably because it has been that way since unRAID was released many, many years ago.  Plus, many of the users (including myself) consider that our servers are safely secured on networks that are only accessible to users who have no malicious intent.

Perhaps, that is a bit of fiction these days but it is certainly convenient not to have to log in to be able to access the flash drive.  Especially, since you would have to set up a user profile as root is not allowed to access any SMB share. You are certainly welcome to request a re-evaluation of this on the 'Feature Request' sub-forum.  You may find more support than you think for such a consideration.

EDIT:  By doing this, you would open up the discussion so that the pros and cons could be discussed along with the technical issues of implementing the change.

Edited by Frank1940
Link to comment

Thanks for that info.

As mentioned earlier, I've been using UnRaid for only a few days now. I like it so far. I'm not in a position to determine how often someone will have to access the flash drive on a normal use basis having not used Unraid for that long. If there is a necessity to access it very often, then perhaps the convenience of having quick access to it could outweigh the security considerations. However, I believe that is still debatable.

But, on a normal use case basis, if the flash drive is not required to be accessed often, then it shouldn't have to be exported as an SMB share by default. If someone has to log in, set up a normal user profile and enable SMB on the flash drive, to access it remotely as an SMB share then it might be safe to say that such a person knows what he/she is doing.

Link to comment

I have my flash share set private and hidden so only I have access (I have other users on my network) and nobody can see it, I have to specify the path to access it. I would be fine with making the default to not share the flash. Anybody that needs to access it needs to know why and what they are going to do with it.

Link to comment
10 hours ago, trurl said:

I have my flash share set private and hidden so only I have access (I have other users on my network) and nobody can see it, I have to specify the path to access it. I would be fine with making the default to not share the flash. Anybody that needs to access it needs to know why and what they are going to do with it.

Almost the same here - I have mine set to Private and Read-only.  I did it mostly to prevent accidents (mine or other people's).

Edited by S80_UK
Link to comment

If you are really concerned about security, probably the best solution is to turn "Export:" to 'Off' in the GUI.  Then when you have need to access the Flash Drive, you turn it back 'On' for a few minutes while you do what you have to do.  That way, you are controlling access to it at the super user level and the Drive is not exposed to the network any other time.   You could use the Hidden or Private mode depending on your level of concern about the security of your network and/or its users. 

Link to comment
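
The export settings discussed in this thread can be checked from the Samba side by auditing share definitions for guest access and browse visibility. This is an added example, not part of the thread or of Unraid's code: the config text is constructed, and it assumes the server's share definitions are available in smb.conf syntax.

```python
import configparser

# Constructed sample in smb.conf syntax; not copied from the poster's server.
SAMPLE_CONF = """
[global]
    map to guest = Bad User
[flash]
    path = /boot
    guest ok = yes
    read only = no
[Kpmemory]
    path = /mnt/user/Kpmemory
    browseable = no
    valid users = squashem
    read only = yes
"""

TRUE = {"yes", "true", "1", "on"}
SKIP = {"global", "homes", "printers"}  # Samba's special sections, not file shares

def _bool(sec, names, default):
    # Value of the first synonym that is set, else the supplied default.
    for name in names:
        if name in sec:
            return sec[name].strip().lower() in TRUE
    return default

def audit_shares(conf_text):
    """Map each share name to a list of exposure findings (empty list = none)."""
    # Strip indentation (configparser would treat it as continuation); no % interpolation.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)
    findings = {}
    for name in parser.sections():
        if name.lower() in SKIP:
            continue
        sec = parser[name]
        guest = _bool(sec, ("guest ok", "public"), False)
        read_only = _bool(sec, ("read only",), not _bool(sec, ("writeable", "writable", "write ok"), False))
        listed = _bool(sec, ("browseable", "browsable"), True)
        restricted = bool(sec.get("valid users", "").strip())
        checks = [
            (guest, "guest access allowed"),
            (guest and not read_only, "guests can write"),
            (not guest and not restricted, "no 'valid users' restriction"),
            (listed, "listed when browsing the server"),
        ]
        findings[name] = [msg for hit, msg in checks if hit]
    return findings
```

On a live Samba host, the text printed by `testparm -s` can be passed to `audit_shares` in place of the sample.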
