Posts: 3,895
Joined: Sep 2013
Reputation: 358
I still think the onus is on the user to vet their add-ons in much the same way as any other app they may wish to install. Caveat emptor or, in this digital age, downloader beware!!
Learning Linux the hard way !!
Posts: 3,575
Joined: Mar 2011
Reputation: 194
2016-05-01, 21:49
(This post was last modified: 2016-05-01, 21:50 by trogggy.)
So what you're effectively saying is Kodi needs to be made more 'pirate-friendly'...
I have no problem at all with what people use it for, but does making it 'safe' to use any old crap from the internet really sound like the direction to go in?
Maybe there could be a publicity campaign to go with it...
Posts: 111
Joined: Jul 2010
Reputation: 3
2016-05-01, 22:12
(This post was last modified: 2016-05-01, 22:15 by Paranoidjack.)
See my post in that thread about a certain addon attempting to add an entry to the HOSTS file - it won't be successful unless Kodi is started with escalated privileges but it's concerning to see such code since it can be used for MITM attacks.
Some sort of sandboxed behaviour for addons is needed - chroot environment and jailed processes.
Posts: 111
Joined: Jul 2010
Reputation: 3
I've tried to convey the seriousness of running obfuscated code to the users in that subreddit but the majority of them don't really see what the problem is as long as they're receiving content for free.
Posts: 111
Joined: Jul 2010
Reputation: 3
2016-05-01, 22:57
(This post was last modified: 2016-05-01, 23:00 by Paranoidjack.)
Creating a restricted user with no read/write permissions apart from the directories Kodi needs to run would be the best way for every platform apart from Android - even still, it wouldn't be 100% effective.
I think the most important thing to do is never run Kodi as root or administrator.
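The checks discussed in this thread (an add-on touching the HOSTS file, obfuscated code, Kodi running as root or administrator) can be sketched as a small review aid. This is an added example, not part of any post above and not Kodi project code; the pattern list, the function names and the `plugin.video.example` add-on id are assumptions made for illustration, and a hit only means the file deserves a manual read.

```python
import os
import re
import tempfile

# Heuristic patterns: assumptions chosen for this example, not a complete list.
PATTERNS = {
    "hosts-file reference": re.compile(r"/etc/hosts|drivers[\\/]+etc[\\/]+hosts", re.I),
    "dynamic execution": re.compile(r"\b(exec|eval)\s*\("),
    "encoded payload decode": re.compile(r"\bb64decode\b|\.decode\(\s*['\"](base64|zlib|hex)"),
}
# Constructed sample add-on source (not taken from any real add-on).
SAMPLE = (
    "import base64\n"
    "exec(base64.b64decode(blob))\n"
    "hosts = r'C:\\Windows\\System32\\drivers\\etc\\hosts'\n"
)

def scan_file(path):
    """Return (line number, label) pairs for every heuristic hit in one file."""
    with open(path, "r", errors="replace") as fh:
        return [(n, label) for n, line in enumerate(fh, 1)
                for label, rx in PATTERNS.items() if rx.search(line)]

def scan_addons(root):
    """Walk an add-ons directory and report Python files that need manual review."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".py")):
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report

def running_elevated():
    """True if this process is root (POSIX) or an administrator (Windows)."""
    if hasattr(os, "geteuid"):
        return os.geteuid() == 0
    import ctypes
    return bool(ctypes.windll.shell32.IsUserAnAdmin())

def demo():
    # Scan a temporary directory holding only the constructed sample.
    with tempfile.TemporaryDirectory() as root:
        addon = os.path.join(root, "plugin.video.example")  # hypothetical add-on id
        os.makedirs(addon)
        with open(os.path.join(addon, "default.py"), "w") as fh:
            fh.write(SAMPLE)
        return scan_addons(root)

if __name__ == "__main__":
    print("elevated:", running_elevated(), "findings:", demo())
```

Point `scan_addons` at the add-ons directory of the Kodi profile to review; a launcher script could also call `running_elevated()` and refuse to start Kodi when it returns true.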