this post was submitted on 14 Oct 2024
21 points (100.0% liked)

Linux

48366 readers
1743 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.

I don't get why that's more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user's home directory (/var/lib/transmission-daemon on Debian)?

you are viewing a single comment's thread
view the rest of the comments
[–] CasualTee@beehaw.org 5 points 1 month ago (2 children)

It's not directly related to the torrent or its content no. It's more related to the potential bugs in Transmission that might be exploited to propagate viruses.

Since Transmission has to exchange data with un-trusted parties, before knowing whether the data is relevant to the torrent you are downloading, anyone could exploit bugs that exist in the parsing of these messages.

So running Transmission as a dedicated user limits what an attacker may have access to once they take control of Transmission through the exploit of known or unknown bugs.

Obviously, this user need to have many restriction in place as to prevent the attacker from installing malware permanently on the machine. And when you copy over data that has been downloaded by Transmission, you'd have to make sure it has not been tampered with by the attacker in an attempt to get access to the data available to your real account.

If you just use transmission occasionally, not on a server, I would not bother with it. Either use the flatpak version for some sandboxing and similar security guarantees as having a dedicated user running Transmission, or use an up to date version (the one from your distro should be fine) and don't leave it running when you do not need to.

[–] nanook@friendica.eskimo.com 1 points 1 month ago* (last edited 1 month ago)

@CasualTee @Quail4789 With torrent you are specifying the filename when you start the torrent, or at least I am. Thus any data can only go into that file. Usually when you use torrents the way I do, primarily for downloading distros, occasionally source code, an md5sum is provided. Thus before you use the downloaded data you do an md5sum on it and check it against the value it is provided. If it's not the same you remove the file and start over, if it is you know you didn't get any additional data.