[PD] [netpd] everybody is invited to join the collaborative music-project

Hans-Christoph Steiner hans at eds.org
Thu Nov 3 03:57:51 CET 2005

The way to make netpd-server secure is to run it as a specific run that  
doesn't have access to anything except the bare minimum of what it  
needs.   I would create a "netpd" account on your server, then start up  
pd as that user when running netpd-server.  No matter what the hacker  
does, they won't be able to get to anything that the "netpd" user  
doesn't have access to.

The next step would be to run pd/netpd-server as "chroot", which would  
take some setup.  Basically its a way of tightly restricting access to  
the filesystem so that netpd-server would only have read access to the  
things it needs to run, nothing else.


On Oct 27, 2005, at 6:40 PM, Roman Haefeli wrote:

> hi sven, hi list
> entschuldige, dass ich diese mail an die liste weiterleite, aber ich
> denke, das thema ist für alle (zukünftigen) netpd-user interessant.
> you mentioned the security aspects of netpd. i admit that i never cared
> seriously about this topic, but i'm aware that netpd could be a  
> security
> risk.
> short description of the problem:
> with netpd it's possible to upload patches to the computer of all
> connected users and control them remotely. since there are some methods
> in pd to read or write data from/to harddisk, it would be possible with
> netpd to receive this data from a remote computer.
> i'm not a specialist in security questions, so i appreciate every
> advice. my first thoughts tend to the direction of filtering out
> problematic objects during transmission of a patch. the first thing  
> that
> everyone should care when using netpd is to avoid loading not used
> externals. especially the [shell] external is very delicate.
> maybe this is naiv, but i think as long as there are only a few users,
> using netpd shouldn't be too dangerous, but it absolutely is an aspect
> to take care of.
> roman
> sven <ml.sven at subscience.de> wrote:
>> hi roman,
>> wenn du netpd public machst,
>> solltest du nicht vergessen,
>> dass es auch ein ziemliches
>> sicherheitsrisiko darstellt...
>> werden gesharte patches
>> denn auf potentielle gefahren
>> gescannt?
>> sven.
> ___________________________________________________________
> Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier  
> anmelden: http://mail.yahoo.de
> _______________________________________________
> PD-list at iem.at mailing list
> UNSUBSCRIBE and account-management ->  
> http://lists.puredata.info/listinfo/pd-list


"[W]e have invented the technology to eliminate scarcity, but we are  
deliberately throwing it
away to benefit those who profit from scarcity."
        -John Gilmore

More information about the Pd-list mailing list