mirror of
https://github.com/007revad/Synology_enable_M2_volume.git
synced 2026-04-25 13:05:54 +03:00
[GH-ISSUE #134] please disable autoupdate per default #238
Labels
No labels
enhancement
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/Synology_enable_M2_volume#238
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @capullo on GitHub (Nov 24, 2023).
Original GitHub issue: https://github.com/007revad/Synology_enable_M2_volume/issues/134
Your bash script is well written, good work!!
The only thing right now i don't like, is that autoupdate is enabled by default, which is a pure backdoor to any NAS, where this feature is enabled.
I know sure you don't have any bad intentions, but consider your Github account will get hacked. or access token get stolen.
You can put a disclaimer behind the autoupdate feature to inform users, what this means, if they enable this feature.
Maybe you just put the signature (hexstring) in an own config and autoupdate is just updating this config.
ok, you will be then able to DOS any NAS user using this feature with a corrupt libhwcontrol.so.1, but injecting code into libhwcontrol.so.1 should be very hard :)
@007revad commented on GitHub (Nov 24, 2023):
Auto update is an option. If the script is not run with --autoupdate=# it will ask the user if they want to update. It they don't answer the [y/n] prompt it times out after the 30 seconds and the script continues without updating itself.
I actually hardened the script against GitHub account hacking just 2 days ago in response to issue #129
https://github.com/007revad/Synology_enable_M2_volume/releases/tag/v1.1.13
v1.1.13
@007revad commented on GitHub (Nov 24, 2023):
Your xargs code replaced 160 lines of code with 2 lines. Nice.