I started using Syncthing about 6 months ago, and I love it.
One security issue that strikes me is the ability of an adversary to exploit buffer overflows or similar vulnerabilities. I didn’t see that this issue is discussed much.
I’m considering setting up Syncthing as a separate user “synthia”. Then if the vulnerabilities in the binaries were exploited, the adversary may be limited to the capabilities of that user. This includes full access to all the sync’d files, of course, but not other assets on the computer.
My question is whether this is considered worthwhile or not. It might be that the difficulty of escalating beyond that user is considered quite low.
It certainly shouldn’t hurt. That said, Go is a memory safe language so a lot of such exploits are trickier and more unusual, and “our” code only really comes into play once a connection has passed a TLS handshake and had its certificate verified as being a trusted peer. So attacks from the internet at large would mostly need to target the Go TLS stack, which I think is reasonably hardened at this point.
The few security issues we’ve had “on our own” have been of the kind that lets a trusted peer access things they should not, following symlinks for example. That’s bad but the exposure is limited.
A better attack might be against our build or upgrade infrastructure. If you want to be very careful indeed you might want to check updates manually against our release keys etc., or build yourself from a vetted and trusted set of source code.
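The dedicated-user setup discussed in this thread can be tightened with service sandboxing so that a compromised process sees little beyond the synced data. The drop-in below is an added example, not part of the original posts and not the Syncthing project's own configuration. It assumes Linux with systemd, the packaged `syncthing@.service` template unit, a system account `synthia` whose home is `/var/lib/synthia`, and a synced folder at `/srv/sync`; both paths are constructed for illustration.

```ini
# /etc/systemd/system/syncthing@synthia.service.d/hardening.conf
#
# Assumed account setup (paths are illustrative; the nologin path varies by distro):
#   useradd --system --create-home --home-dir /var/lib/synthia \
#           --shell /usr/sbin/nologin synthia
# Apply and review:
#   systemctl daemon-reload && systemctl restart syncthing@synthia.service
#   systemd-analyze security syncthing@synthia.service

[Service]
# The template unit already runs the instance as the named user; the settings
# below narrow what that user's process can reach if it is ever exploited.

# No setuid/setgid escalation and no capabilities at all.
# (Syncing file ownership would need capabilities; it is off by default.)
NoNewPrivileges=true
CapabilityBoundingSet=
AmbientCapabilities=
RestrictSUIDSGID=true

# Whole filesystem read-only, other users' homes hidden, then re-open
# only the service account's state directory and the synced folder.
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/synthia /srv/sync
PrivateTmp=true
PrivateDevices=true

# Kernel and namespace surface that a file synchroniser has no use for.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
RestrictRealtime=true
LockPersonality=true
SystemCallArchitectures=native

# Sockets: IPv4/IPv6 for sync traffic, UNIX for local IPC, NETLINK because
# the Go runtime enumerates network interfaces through it.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
```

Every folder added to Syncthing later must also be listed in `ReadWritePaths=`, otherwise writes to it fail under `ProtectSystem=strict`.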