I’m a software developer working in the telecam sector on security related products, so I know a fair bit about system security. Yet I wound secure my own system far less than most people here if I didn’t enjoy cybersecurity as a hobby.
I wonder what you are securing against? Some examples:
- jellyfin: unless you have home videos on there, what does it matter if someone exfiltrates some movies? Surely you have basic DOS protection and/or region locking to reduce wasted network traffic, right?
- linux: I assume nobody is using their servers as daily drive PCs, so what does it matter if somehow your system is superficially compromised. You can always reimage. Sure they could mine some bitcoin with your system, but it doesn’t have that much PSU headroom to cost you much on your bills, right?
It just seems like most attack vectors lead to mild annoyance at most for most systems.
Do you guys just enjoy cybersecurity? Do you actually keep sensitive data on your self hosted systems? Do you self-host on expensive hardware? What am I missing?


My biggest concern is pivoting. Specific to Jellyfin, many users are using docker, but do not isolate the user so the daemon is operating as root. With that setup, an attacker could mount the host filesystem to the container and would own the host from that container.
Again, for the linux mention, the answer is pivoting. Many machines use Tailscale. If one of those machines were to be compromised using Tailscale’s default ACL, they would be able to move laterally through the network without issue. At that point, it would be possible to modify existing nodes (ex. subnet routers, exit nodes, etc) or even add additional rogue nodes.
The question of why people care is tricky. Why should you care if your networked printer is using out of date firmware? It likely isn’t storing personal information, right? It’s a prime target because it’s easy, poorly monitored, and opens another door. A lot of infosec is just keeping doors shut so other doors don’t get opened.
Can you elaborate more on this? Assuming an attacker is in the Jellyfin container with full remote code execution, how could they mount the host filesystem?
It would depend on having access to misconfigured permissions or docker.sock like when you chain containers to manage other containers. Because you have access to docker.sock and that socket can send API calls to the docker daemon (which is run from root) those commands would inherit the same level of access. An attacker could make the API call to mount
/:/rootand then access the host filesystem.It’s just an example of how even though the container might not have anything worthwhile, it can be used to laterally move and open another door.
Got it. Access to docker.sock is definitely something to be wary of, or CAP_ADMIN, or access to certain host devices.
Worth mentioning though that Jellyfin usually has none of these.