Lukewh / deluge-snap

A snap of the deluge torrent program

Why does the daemon run as root? #3

Closed crabdancing closed 4 months ago

crabdancing commented 2 years ago

This seems like a huge security risk. Am I missing something?

Lukewh commented 2 years ago

The daemon is run as root within the container using snapd. You can read more here :)

crabdancing commented 2 years ago

I'm aware of this. But it's un-PoLP to do this just because it's the default behavior of the daemon. Note that a lot of sandbox escape exploits only work if you're already in a root context.

Lukewh commented 2 years ago

Happy to review a PR that changes the implementation

crabdancing commented 4 months ago

I use Nix orchestration for Deluge now, so it's not an issue I'm personally affected by. Still, you should probably put this up as a known issue/vulnerability. :)