unRAID-plugins icon indicating copy to clipboard operation
unRAID-plugins copied to clipboard

Published 20 hours ago verified publisher icon gfjardim

Security issues found

Open OmgImAlexis opened this issue 3 years ago • 9 comments

Hi where should I report a security issue I've found?

OmgImAlexis avatar Sep 17 '21 07:09 OmgImAlexis

Probably the best way is to PM gfjardim.

dlandon avatar Sep 17 '21 09:09 dlandon

@dlandon is @gfjardim still around. Havent seen him in the unRaid forum since June, also no activity here on Github. I am a bit worried.

bjoerns1983 avatar Nov 24 '21 12:11 bjoerns1983

Preclear is not needed any longer. If you feel you have to have it, there is a Docker container.

dlandon avatar Nov 24 '21 13:11 dlandon

Sorry if thats a dumb question, but why is the step of preclearing not needed anymore. I thought it was a good way of testing a new disk before adding it to the array. Nevertheless doesnt the docker use the same scripts, if they are unmaintained it maybe possible that they dont work on newer unraid versions.

bjoerns1983 avatar Nov 24 '21 15:11 bjoerns1983

The history of preclear is that in early versions of Unraid, a disk had to be cleared and a proper signature on the disk indicating it was clear before installing it in the array. If Unraid did a clear, the array would be offline during the time the disk was being cleared. Not having the array available during a clear was a real issue. That's why it was called 'preclear'. As a sideline it would also exercise the disk to offer some confidence about it's reliability as people would install used disks when they were not as affordable as they are now. You really don't need to exercise a new disk these days.

There are several people who can maintain the preclear script. I don't think there have been any changes needed for years. There are also some SMART disk functions that will exercise a disk.

dlandon avatar Nov 24 '21 19:11 dlandon

Why do new disks not need to be exercised before trusting valuable data to them? What makes the new drives better in this regard?

RVijay007 avatar Nov 24 '21 23:11 RVijay007

It's not necessary, but some feel more comfortable running a preclear. When I add or replace a disk in my array, I just install it and go. Never had a problem.

If you are that concerned about protecting your data, keep it backed up. The parity in Unraid is not a backup.

This started with your concern about not being able to do a preclear potentially because of lack of support. There are options for doing a preclear, and there are people here that can work on the script.

dlandon avatar Nov 25 '21 02:11 dlandon

Thanks for the clearification. Nevertheless i hope that @gfjardim is okay. When somebody vanishes from Communites like Github etc. from one day to another thats normally no good sign.

May the security issues that @OmgImAlexis are mentioned should be explained here. Maybe someone else could fix them.

bjoerns1983 avatar Nov 25 '21 07:11 bjoerns1983

@gfjardim has a reputation of being off the forums at times, so I would be concerned about him.

Since there is a Docker container that does a preclear, I doubt there is any interest from developers to work on this plugin.

dlandon avatar Nov 25 '21 11:11 dlandon