this post was submitted on 02 Apr 2025
213 points (100.0% liked)


Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla...

[–] GiuseppeAndTheYeti@midwest.social 3 points 23 hours ago (1 children)

I think I understand now. Thank you! I will be changing my paths then. It's kind of a moot point since I'll change my paths anyway, but for the sake of my own curiosity, I have a follow-up question. Feel free to disregard it if you don't feel like taking the time to answer.

Hypothetically, my docker setup only allows jellyfin to see /mnt/user as /storage. So jellyfin would report the path to Morbius as being:

/storage/hdd1/media/movies/Morbius_all_morbed_up.mkv

when in all actuality it would be:

/mnt/user/hdd1/media/movies/Morbius_all_morbed_up.mkv

My intuition tells me that the file path that jellyfin "sees" would be the security risk. So "/storage/hdd1/...." Is that correct?

[–] Saik0Shinigami@lemmy.saik0.com 4 points 23 hours ago

> My intuition tells me that the file path that jellyfin “sees” would be the security risk.

Your intuition is correct. JF will generate the MD5 hash based on the path that it's accessing with. So if it's normally a unique path then you mount it into the docker container as /movies/ or /mnt/movies or what have you... Then you lost the uniqueness, all that's seen is the internal docker path. This is why I also lumped "using docker" into the party side by side with "using *arr stack". Most people will find a compose file and just modify the left side of the volume declaration to point at their media. And most dockers are going to have simple internal mounts in their example compose files.

Both Arr and Docker will end up pushing people to standardize the path, then the filename. Using both together compounds the issue and they tend to standardize different parts of the path.
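The path translation discussed in this thread, as an added example that is not part of either comment and is not Jellyfin's code: it resolves a host file through compose-style volume declarations to the path the container sees, then digests that path. Plain MD5 of the path string is an assumed stand-in for the path-based hash (the thread does not give the exact derivation), and the second host layout and the `/storage-7f3a` mount name are constructed.

```python
import hashlib
from pathlib import PurePosixPath

def parse_volume(spec):
    """Split compose short syntax 'host:container[:mode]' into (host, container)."""
    parts = spec.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a bind mount: {spec!r}")
    return PurePosixPath(parts[0]), PurePosixPath(parts[1])

def container_path(host_file, volumes):
    """Return the path the container sees; the longest matching mount wins."""
    host_file = PurePosixPath(host_file)
    best = None
    for spec in volumes:
        host, inner = parse_volume(spec)
        if host == host_file or host in host_file.parents:
            if best is None or len(host.parts) > len(best[0].parts):
                best = (host, inner)
    if best is None:
        raise LookupError(f"{host_file} is not mounted into the container")
    return str(best[1] / host_file.relative_to(best[0]))

def path_digest(path):
    """Assumed stand-in for a path-derived ID: MD5 of the path string."""
    return hashlib.md5(path.encode("utf-8")).hexdigest()

# Constructed setups: (file on the host, volume declarations).
MOVIE = "hdd1/media/movies/Morbius_all_morbed_up.mkv"
SETUPS = {
    "host_a": ("/mnt/user/" + MOVIE, ["/mnt/user:/storage"]),
    "host_b": ("/srv/nas/" + MOVIE, ["/srv/nas:/storage:ro"]),
    "host_c": ("/mnt/user/" + MOVIE, ["/mnt/user:/storage-7f3a"]),
}

def compare(setups):
    """Map each setup name to (container path, digest of that path)."""
    result = {}
    for name, (host_file, volumes) in setups.items():
        seen = container_path(host_file, volumes)
        result[name] = (seen, path_digest(seen))
    return result

if __name__ == "__main__":
    for name, (seen, digest) in compare(SETUPS).items():
        print(f"{name}: {seen} -> {digest}")
```

host_a and host_b differ on the host but collapse to the same container path and digest; only the right side of the volume declaration (host_c) changes the result.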