What is the problem you are having with rclone?
Security related question please:
In the case of a bad actor hacking into a "live" rclone session (i.e. someone taking control of Linux while Rclone is mounted to OneDrive and/or Google Drive) or theft of an Rclone Config file without password protection....
-
Would it be possible for the bad actor to access the associated account password for the cloud storage? (OneDrive and/or Google Drive)
-
Separately - would the bad actor be able to gain access to the email account associated to the cloud storage? (OneDrive's Outlook.com and/or Google's Gmail)
Reason for asking:
- I am trying to understand if the associated email accounts would remain safe, if a hacker somehow got control of a live rclone session or hacked password protected config file
- I understand Rclone uses an access token to get access to cloud storage - but I am not clear if that access token would somehow allow a bad actor to also access other apps (e.g. email) that is connected to the cloud account
Thank you in advance
Run the command 'rclone version' and share the full output of the command.
rclone v1.61.1
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 5.15.0-1029-oracle (aarch64)
- os/type: linux
- os/arch: arm64
- go/version: go1.19.4
- go/linking: static
- go/tags: none
Which cloud storage system are you using? (eg Google Drive)
OneDrive and Google Drive
The command you were trying to run (eg rclone copy /tmp remote:tmp
)
N/A
The rclone config contents with secrets removed.
N/A
A log from the command with the -vv
flag
N/A