I started using Syncthing about 6 months ago, and I love it.
One security issue that strikes me is the ability of an adversary to exploit buffer overflows or similar vulnerabilities. I haven’t seen this issue discussed much.
I’m considering setting up Syncthing as a separate user “synthia”. Then if the vulnerabilities in the binaries were exploited, the adversary may be limited to the capabilities of that user. This includes full access to all the sync’d files, of course, but not other assets on the computer.
My question is whether this is considered worthwhile or not. It might be that the difficulty of escalating beyond that user is considered quite low.
The OS is Ubuntu 18.04.