Security Concerns

  • As far as I understand it, you cannot change the root password, and libreelec removed ability to use anonymous shares as per:


    libreelec_faq [LibreELEC]


    Quote

    It is not possible to change the password (without recompiling the distro with a different one) because the password file is contained inside the read-only squashfs SYSTEM file (the read-only part is the challenge).


    Newbie help

    Quote

    Anonymous Windows shares are NOT supported by Kodi so you should ensure that access to the Windows 7 share is restricted with a username/password and that "password authentication" is enabled on the Windows share. Kodi should then prompt for a username/password when accessing the share.


    Though the author states Kodi, I believe librelec was intended (I could be wrong, but kodi windows 17.6 does works fine with anonymous share.)


    So I went from having my librelec box not locked down (no issues), to now have to put in a clear text password of a valid user on my windows share. Now I naturally could create a user that only has access to this share or guest, but this is probably not well understood, or common practice. Whereas before, only things being exposed, were things that were fine to be exposed, ( e.g. my windows share with no sensitive data and libreelec user/pass,) now I am more likely going to share sensitive data (e.g. a valid user on my windows server.)


    I would argue that in adding this "security enhancement", by and large the impact is less security for those involved. As previously stated, there are work arounds that would do as intended, but I do not beleive this is well documented, or understood by most or even possible to be understood by most.


    If any of my assumptions are incorrect, please let me know.

  • I would argue that in adding this "security enhancement", by and large the impact is less security for those involved. As previously stated, there are work arounds that would do as intended, but I do not beleive this is well documented, or understood by most or even possible to be understood by most.


    Same here, I'm trying to get someone here to help me set that stuff up, so I can actually use my LE box.

  • Changing the root password is to be a part of LibreELEC as of version 9.0.


    If you want a different password right now, you can change it in LibreELEC's source code on Github, and create your own build.

  • Changing the root password is to be a part of LibreELEC as of version 9.0.


    If you want a different password right now, you can change it in LibreELEC's source code on Github, and create your own build.

    So I take it that you agree that these changes should be reverted at least until 9.0?


    Overall, the entire stance seems odd. Windows will make changes at some point, that will not allow smbv1, thus we will disable anonymous shares to preempt that. Regardless if your share is this newer version of windows or any other smb enabled service?


    Support seems to be challenging these forums, your users, etc... and based on your response, I beleive we can agree, that this has only made it less secure, not more. This entire topic seems to be frustrating both the user and developer base....to me the answer seems obvious.

  • you can disable password ssh access to libreelec, and allow access only via secure keys.

    You are correct. I did not make it abundantly clear, that there are work arounds not listed that can alleviate these risks (I only highlighted a few.)


    This however was not the point I was trying to make. I was simply stating that more devices are unsecure because of these "security improvements", thus I would think that security improvements should be made to have the greatest impact, e.g. don't go backwards for most, for the apperance of security.


    So I argue on one side we have, more security out of the box, better backwards compatability, less user/develop frustration, and the other side we have more security for those in the know out of the box, (but they could have the same if they are in the know, regardless.)


    I am still struggling to see any real gain here?

  • So I take it that you agree that these changes should be reverted at least until 9.0?

    There are no changes to revert. The way it is in 8.2.2 is how it's going to be from now on (with the exception that in 9.0 you will be able to change the root password).


    Most of this mess is caused by Microsoft. The latest Samba 4.x releases no longer support anonymous access to Windows shares and now require authenticated access (regardless of SMB protocol), while Microsoft are also disabling anonymous access in new installs of Windows 10, so either way anonymous access to Windows shares is history. Authenticated access is the future.


    SMB1 should be disabled everywhere as it is an actively exploited security risk. Disabling SMB1 has consequences, as network browsing is dependent on SMB1. Not much anyone can do about this right now, but just be assured you're better off without SMB1.


    If you're concerned about entering a clear text password - which I agree is a valid concern - then create a low privileged Windows user to protect access to the share, and don't use your main PC user account.


    e.g. don't go backwards for most, for the apperance of security.


    Generally speaking, LibreELEC 8.2.2 is the most secure version of LibreELEC (and certainly any other *ELEC) released so far. Which is not to say it is without security problems - it's not perfect - but it has certainly not gone backwards in any way, and the security changes are far from cosmetic.


    What has happened is that some gaping security holes within your network (which you might call "features") are no longer supported, and you now need to correctly configure your Windows shares in such a way (ie. with a user account) so that they will continue to work in this wonderful, new and more secure world.


    Nothing will be reverted. Embrace the change.

  • Quote

    If you're concerned about entering a clear text password - which I agree is a valid concern - then create a low privileged Windows user to protect access to the share, and don't use your main PC user account.

    This is concerning, as if you have not read my previous posts. I thought I was clear in the first, but if that was not enough.

    Quote

    You are correct. I did not make it abundantly clear, that there are work arounds not listed that can alleviate these risks (I only highlighted a few.


    I am not sure how to make it more clear that this is not about workarounds (again, my instance is setup securely), this is about not being clear, and diminishing security for the average user.


    I am not sure why bringing up a security concern has been responded with such a negative reaction?

  • I am not sure why bringing up a security concern has been responded with such a negative reaction?

    Maybe because passwords being stored in the clear (by Kodi) is nothing new - it's always done that. Choose an account that is suitable for the data being shared, and don't use the admin account to share your movies.


    Nothing has changed here as far as LibreELEC is concerned so I'm not sure why you consider LibreELEC security to now be "diminished".