Closed capullo closed 9 months ago
Auto update is an option. If the script is not run with --autoupdate=# it will ask the user if they want to update. It they don't answer the [y/n] prompt it times out after the 30 seconds and the script continues without updating itself.
I actually hardened the script against GitHub account hacking just 2 days ago in response to issue #129
https://github.com/007revad/Synology_enable_M2_volume/releases/tag/v1.1.13
v1.1.13
Your xargs code replaced 160 lines of code with 2 lines. Nice.
Your bash script is well written, good work!!
The only thing right now i don't like, is that autoupdate is enabled by default, which is a pure backdoor to any NAS, where this feature is enabled. I know sure you don't have any bad intentions, but consider your Github account will get hacked. or access token get stolen. You can put a disclaimer behind the autoupdate feature to inform users, what this means, if they enable this feature.
Maybe you just put the signature (hexstring) in an own config and autoupdate is just updating this config. ok, you will be then able to DOS any NAS user using this feature with a corrupt libhwcontrol.so.1, but injecting code into libhwcontrol.so.1 should be very hard :)