Possible security breach

  • Hi. I observed that my LibreELEC device (latest version) was visible on my Windows PC, so I started to fool around in the folders just to learn about its structure...

    I rapidly noticed that in /Userdata/passwords.xml, the credentials to my NAS are saved in the clear (!)

    This is not good, even if documented... really not good ;(

  • Don't make LE visible to your network. This is no different from any Kodi installation: if you have access to the filesystem you can access passwords.xml, so it's not LE specific.

  • @emvee I believe PhilippeB is talking about the Samba share /Userdata, which is indeed readable by guest accounts, when he talks about folders. By "folder" he is not talking about filesystem access but network share access (which has the same icon as any other folder in the file explorer, so I guess he isn't telling one from the other).

    I see no passwords in this file here, but maybe I saved none.

    Or do you mean no one should have access to port 445 on the LibreELEC box?

  • Nothing was breached. LE intentionally ships with Samba enabled to mitigate support issues with typically low/no Linux skilled users and the default shares expose /storage/.kodi/userdata where Kodi subsequently stores passwords in cleartext. You can either disable Samba in the LE settings add-on (as you didn't choose to disable it when prompted during the first-run wizard) or you can configure a credential so there is no open access to the Samba shares.

    NB: I'll take an action to formally document our insecurities in the wiki alongside installation instructions. They are widely discussed in the forum for anyone searching for info, but not the wiki.
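    As an added illustration of the point above (this is not code from the thread or from the LibreELEC project), the following audit script reads a Kodi passwords.xml and reports which entries carry a cleartext password without ever printing the password itself. It assumes the usual Kodi layout of `<passwords><path><from/><to/>` with the credential embedded in the `<to>` URL; the sample document is constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

# Constructed sample in the assumed Kodi passwords.xml layout.
# On a LibreELEC box the real file lives under /storage/.kodi/userdata/.
SAMPLE_PASSWORDS_XML = """<passwords>
    <path>
        <from pathversion="1">smb://nas.local/media/</from>
        <to pathversion="1">smb://kodi:S3cret%21@nas.local/media/</to>
    </path>
    <path>
        <from pathversion="1">nfs://nas.local/export/</from>
        <to pathversion="1">nfs://nas.local/export/</to>
    </path>
    <path>
        <from pathversion="1">smb://guestbox/public/</from>
        <to pathversion="1">smb://guest@guestbox/public/</to>
    </path>
</passwords>
"""


def audit_passwords_xml(xml_text):
    """One record per <path>: target, stored user, and whether a cleartext
    password is embedded. Only the password length is reported, never the value."""
    findings = []
    for path in ET.fromstring(xml_text).iter("path"):
        to = (path.findtext("to") or "").strip()
        if not to:
            continue
        parts = urlsplit(to)  # userinfo is parsed for any scheme with '//'
        password = unquote(parts.password) if parts.password else None
        findings.append({
            "scheme": parts.scheme,
            "host": parts.hostname,
            "share": parts.path,
            "user": unquote(parts.username) if parts.username else None,
            "cleartext_password": password is not None,
            "password_length": len(password) if password else 0,
        })
    return findings


def exposed_credentials(findings):
    """Entries anyone who can read userdata (e.g. via an open Samba share) could reuse."""
    return [f for f in findings if f["cleartext_password"]]


if __name__ == "__main__":
    for f in audit_passwords_xml(SAMPLE_PASSWORDS_XML):
        state = "CLEARTEXT PASSWORD" if f["cleartext_password"] else "no password stored"
        print(f"{f['scheme']}://{f['host']}{f['share']} user={f['user']} -> {state}")
```

Point it at your own passwords.xml to see which NAS credentials would be readable by anyone who can reach the userdata share.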

  • Thank you chewitt. So I guess the answer is that we should use something other than Samba to be more secure, correct?

    BTW I never enabled Samba in the first place (Samba to access the LE device).
    The folder I was referring to was visible in Windows because the device probably multicasts an XML schema to be discoverable on the network. It is something I used to do in the past to make one of my embedded devices visible to a Windows network.

    Edited once, last by PhilippeB: Merged a post created by PhilippeB into this post. (January 18, 2025 at 6:26 PM).

  • If Samba is running (and it is by default) the service is advertised using mDNS via Avahi which helps Linux/macOS devices see the shares, and we also have WSDD2 which broadcasts in the modern format used by Windows.

    If you don't need Samba shares turn the service off (10 seconds effort). If you do, configure a user/password credential (30 seconds).

  • If Samba is running (and it is by default) the service is advertised using mDNS via Avahi which helps Linux/macOS devices see the shares, and we also have WSDD2 which broadcasts in the modern format used by Windows.

    If you don't need Samba shares turn the service off (10 seconds effort). If you do, configure a user/password credential (30 seconds).

    The docs should give at least some hints about the mechanics of who does what in the background in order for a Kodi / LE box to show up in the network neighbourhood list (in Windows Explorer).

    Disabling services should also have some hints, what will stop working (either directly, or indirectly due to some less-than-obvious service dependency).

    Stopping a service indeed takes only 10 sec. Being concerned (polite way of saying extremely frustrated due to "I don't know what I am doing & no help at hand") about what that disable activity may (translation: surely will) break is, on the other hand, a real thing in the Kodi / LE ecosystem.

  • I created https://wiki.libreelec.tv/installation/security in the install section so it's more visible. This is public documentation that can be added-to by anyone who cares enough to make the effort.

    Much appreciated, it's a good starting point. I would love to add all my concerns into this section, but actually I am the one who needs to learn how LE is built around Kodi first. So, maybe in 2-3 years' time. Kodi and LE are too steep for me (I am quite experienced in IT, 20+ yrs, but not into Linux & ARM unfortunately).

    I almost forgot: maybe it should be an entirely separate thread, let me know.

    Separating SMB into server and client sections. What I mean is to put that extra "SMB (client)" and "SMB (server)" designation into the menu items. Not only in the security section of the docs, but in the entire Kodi UI as well. I don't want to admit how much time I was messing with the various SMB settings in the many (are there more than 2 places? honestly I don't remember) different locations of LE before I finally realised the reason I didn't see any difference after changes was that I was in the wrong place. I was making changes to the SMB server settings when I wanted to modify the SMB client settings.

  • I put a note in the wiki article about the Samba server and the Kodi SMB client being separate things. Other than that I wouldn't document the client from a security perspective, as this is making outbound connections (not receiving inbound), so it's not contributing to the attack surface of an installation.

    LE is loosely based on https://www.linuxfromscratch.org/ principles if you want to read up. Brace yourself for an exciting read :)