How is running transmission as a dedicated user more secure?
How is running transmission as a dedicated user more secure?
I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.
I don't get why that's more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user's home directory (/var/lib/transmission-daemon on Debian)?
Running any service as a dedicated user with limited permissions is more secure than not. It's not just transmission. This is a very basic method of increasing security on any running machine. https://en.m.wikipedia.org/wiki/Principle_of_least_privilege
22It helps protect you because if the application in question is compromised in any way (or has a flaw, i.e. an accidental
rm -rf /*), the only access it has is limited to the user it is run as. If it is run as root, it has full administrative privilege.10Not only that: It protects your data. The Unix security model is unfortunately stuck in the 1970s: It protects users from each other. That is a wonderful property, but in todays world you also need to protect the users from the applications they are running: Anything running as your user has access to all your data. And on most computer systems the interesting data is the one the users out there: Cryptogrqphic keys, login information, financial information, ... . Typically users are much more upset to loose their data than about some virus infecting the OS files, those are trivial to fix.
Running anything as anlther user stops that application from having access to most of your data.
3Isn't that a risk for anything downloaded, assuming I run transmission as my user, not root?
3@Quail4789 @mik Anything that you execute, yes.
4It's more the situation where the torrent/magnet string itself (or some peer connection) has some clever hack that exploits a bug in Transmission, allowing it to execute arbitrary code AS transmission. I'm skeptical there's a big risk of that, but the security theater kids LOVE sand boxing these days
1
It's not directly related to the torrent or its content no. It's more related to the potential bugs in Transmission that might be exploited to propagate viruses.
Since Transmission has to exchange data with un-trusted parties, before knowing whether the data is relevant to the torrent you are downloading, anyone could exploit bugs that exist in the parsing of these messages.
So running Transmission as a dedicated user limits what an attacker may have access to once they take control of Transmission through the exploit of known or unknown bugs.
Obviously, this user need to have many restriction in place as to prevent the attacker from installing malware permanently on the machine. And when you copy over data that has been downloaded by Transmission, you'd have to make sure it has not been tampered with by the attacker in an attempt to get access to the data available to your real account.
If you just use transmission occasionally, not on a server, I would not bother with it. Either use the flatpak version for some sandboxing and similar security guarantees as having a dedicated user running Transmission, or use an up to date version (the one from your distro should be fine) and don't leave it running when you do not need to.
4I've decided to use Docker
2@CasualTee @Quail4789 With torrent you are specifying the filename when you start the torrent, or at least I am. Thus any data can only go into that file. Usually when you use torrents the way I do, primarily for downloading distros, occasionally source code, an md5sum is provided. Thus before you use the downloaded data you do an md5sum on it and check it against the value it is provided. If it's not the same you remove the file and start over, if it is you know you didn't get any additional data.
1