[PD] [netpd] everybody is invited to join the collaborative music-project
hans at eds.org
Thu Nov 3 03:57:51 CET 2005
The way to make netpd-server secure is to run it as a specific run that
doesn't have access to anything except the bare minimum of what it
needs. I would create a "netpd" account on your server, then start up
pd as that user when running netpd-server. No matter what the hacker
does, they won't be able to get to anything that the "netpd" user
doesn't have access to.
The next step would be to run pd/netpd-server as "chroot", which would
take some setup. Basically its a way of tightly restricting access to
the filesystem so that netpd-server would only have read access to the
things it needs to run, nothing else.
On Oct 27, 2005, at 6:40 PM, Roman Haefeli wrote:
> hi sven, hi list
> entschuldige, dass ich diese mail an die liste weiterleite, aber ich
> denke, das thema ist für alle (zukünftigen) netpd-user interessant.
> you mentioned the security aspects of netpd. i admit that i never cared
> seriously about this topic, but i'm aware that netpd could be a
> short description of the problem:
> with netpd it's possible to upload patches to the computer of all
> connected users and control them remotely. since there are some methods
> in pd to read or write data from/to harddisk, it would be possible with
> netpd to receive this data from a remote computer.
> i'm not a specialist in security questions, so i appreciate every
> advice. my first thoughts tend to the direction of filtering out
> problematic objects during transmission of a patch. the first thing
> everyone should care when using netpd is to avoid loading not used
> externals. especially the [shell] external is very delicate.
> maybe this is naiv, but i think as long as there are only a few users,
> using netpd shouldn't be too dangerous, but it absolutely is an aspect
> to take care of.
> sven <ml.sven at subscience.de> wrote:
>> hi roman,
>> wenn du netpd public machst,
>> solltest du nicht vergessen,
>> dass es auch ein ziemliches
>> sicherheitsrisiko darstellt...
>> werden gesharte patches
>> denn auf potentielle gefahren
> Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier
> anmelden: http://mail.yahoo.de
> PD-list at iem.at mailing list
> UNSUBSCRIBE and account-management ->
"[W]e have invented the technology to eliminate scarcity, but we are
deliberately throwing it
away to benefit those who profit from scarcity."
More information about the Pd-list