[PD] [netpd] everybody is invited to join the collaborative music-project

Roman Haefeli reduzierer at yahoo.de
Thu Nov 3 11:22:58 CET 2005


hi hc

thank you for your advice. the problem of security concerns not the
netpd-server, but every client. the server is rather simple and just
passes received data to all connected clients. the problem is that
everyone can upload his own patches to the other users' machines and
control them over netpd. theoretically it would be possible to write a
patch that reads textfiles on the remote machine and sends the content
back to the 'hacker's' machine. with the shell-obj someone could even do
everything with the privileges of the user that started netpd on the
remote machine.

i don't know yet how to solve these problems. the most important thing
is that every netpd-user is aware of them.

cheers
roman

On Wed, 2 Nov 2005 21:57:51 -0500
Hans-Christoph Steiner <hans at eds.org> wrote:

> 
> The way to make netpd-server secure is to run it as a specific user that  
> doesn't have access to anything except the bare minimum of what it  
> needs.   I would create a "netpd" account on your server, then start up  
> pd as that user when running netpd-server.  No matter what the hacker  
> does, they won't be able to get to anything that the "netpd" user  
> doesn't have access to.
> 
> The next step would be to run pd/netpd-server as "chroot", which would  
> take some setup.  Basically it's a way of tightly restricting access to  
> the filesystem so that netpd-server would only have read access to the  
> things it needs to run, nothing else.
> 
> .hc
> 
> On Oct 27, 2005, at 6:40 PM, Roman Haefeli wrote:
> 
> > hi sven, hi list
> >
> > sorry for forwarding this mail to the list, but i think the topic is
> > interesting for all (future) netpd users.
> >
> > you mentioned the security aspects of netpd. i admit that i never cared
> > seriously about this topic, but i'm aware that netpd could be a
> > security risk.
> >
> > short description of the problem:
> > with netpd it's possible to upload patches to the computer of all
> > connected users and control them remotely. since there are some methods
> > in pd to read or write data from/to harddisk, it would be possible with
> > netpd to receive this data from a remote computer.
> >
> > i'm not a specialist in security questions, so i appreciate any
> > advice. my first thoughts tend in the direction of filtering out
> > problematic objects during transmission of a patch. the first thing
> > that everyone should care about when using netpd is to avoid loading
> > unused externals. especially the [shell] external is very delicate.
> >
> > maybe this is naive, but i think as long as there are only a few users,
> > using netpd shouldn't be too dangerous, but it absolutely is an aspect
> > to take care of.
> >
> > roman
> >
> >
> > sven <ml.sven at subscience.de> wrote:
> >
> >> hi roman,
> >> if you make netpd public,
> >> you shouldn't forget
> >> that it also poses quite a
> >> security risk...
> >> are shared patches
> >> actually scanned for potential
> >> dangers?
> >>
> >>
> >> sven.
> >>
> 
> ____________________________________________________________________________
> 
> "[W]e have invented the technology to eliminate scarcity, but we are
> deliberately throwing it away to benefit those who profit from scarcity."
>         -John Gilmore
> 
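
The idea raised in this thread of filtering problematic objects while a patch is transmitted, sketched as an added example (not part of the original messages and not netpd code): it parses the patch's text records and accepts the patch only if every object box names a class on an allowlist. The allowlist contents, the function names and the two sample patches are assumptions constructed for illustration.

```python
import re

# Assumption: classes a session has agreed to accept; anything else is rejected,
# including externals such as [shell] and abstractions loaded by file name.
ALLOWED_CLASSES = {"osc~", "dac~", "*~", "+~", "metro", "tgl", "bng",
                   "f", "+", "sel", "r", "s", "inlet", "outlet", "loadbang"}

# A Pd record ends at an unescaped ';' (an escaped one is written "\;").
RECORD_END = re.compile(r"(?<!\\);")

def pd_records(patch_text):
    """Split patch text into records; a record may span several lines."""
    for raw in RECORD_END.split(patch_text):
        atoms = raw.split()
        if atoms:
            yield atoms

def audit_patch(patch_text, allowed=ALLOWED_CLASSES):
    """Return (accepted, findings); findings list (record index, reason)."""
    findings = []
    for index, atoms in enumerate(pd_records(patch_text)):
        if atoms[0] == "#X" and len(atoms) >= 2 and atoms[1] == "obj":
            # Layout: "#X obj <x> <y> <class> [args...]"; empty boxes have no class.
            cls = atoms[4] if len(atoms) > 4 else ""
            if cls and cls not in allowed:
                findings.append((index, cls))
        elif atoms[0] not in ("#N", "#X", "#A"):
            findings.append((index, "unknown record " + atoms[0]))
    return (not findings, findings)

# Constructed sample: a plain oscillator patch.
SAMPLE_OK = """#N canvas 0 0 450 300 10;
#X obj 40 40 osc~ 440;
#X obj 40 80 *~ 0.1;
#X obj 40 120 dac~;
#X connect 0 0 1 0;
#X connect 1 0 2 0;
"""

# Constructed sample: a [shell] box placed inside a subpatch.
SAMPLE_REJECT = """#N canvas 0 0 450 300 10;
#X obj 40 40 osc~ 440;
#N canvas 0 0 300 200 sub 0;
#X obj 20 20 shell;
#X restore 40 80 pd sub;
#X obj 40 120 dac~;
"""

if __name__ == "__main__":
    print(audit_patch(SAMPLE_OK))
    print(audit_patch(SAMPLE_REJECT))
```

Subpatch contents are stored as ordinary records in the same flat stream, so boxes nested inside them are checked too. The check covers object boxes only and complements, rather than replaces, running Pd under a restricted account as suggested in the quoted reply.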

	

	
		