[PD] [netpd] everybody is invited to join the collaborative music-project

Hans-Christoph Steiner hans at eds.org
Fri Nov 4 06:50:46 CET 2005


Ah yes, so the key there is to filter out or block the dangerous  
objects at the server. That should be so hard to implement, but making  
it pretty might be difficult.

.hc

On Nov 3, 2005, at 5:22 AM, Roman Haefeli wrote:

> hi hc
>
> thank you for your advice. the problem of security concerns not the
> netpd-server, but every client. the server is rather simple and just
> passes received data to all connected clients. the problem is that
> everyone can upload his own patches to the other users' machines and
> control them over netpd. theoretically it would be possible to write a
> patch that reads textfiles on the remote machine and sends the content
> back to the 'hackers' machine. with the shell-obj someone could even do
> everything with the privileges of the user that started netpd on the
> remote machine.
>
> i don't know yet how to solve these problems. the most important thing
> is that every netpd-user is aware of them.
>
> cheers
> roman
>
> On Wed, 2 Nov 2005 21:57:51 -0500
> Hans-Christoph Steiner <hans at eds.org> wrote:
>
>>
>> The way to make netpd-server secure is to run it as a specific run that
>> doesn't have access to anything except the bare minimum of what it
>> needs.  I would create a "netpd" account on your server, then start up
>> pd as that user when running netpd-server.  No matter what the hacker
>> does, they won't be able to get to anything that the "netpd" user
>> doesn't have access to.
>>
>> The next step would be to run pd/netpd-server as "chroot", which would
>> take some setup.  Basically it's a way of tightly restricting access to
>> the filesystem so that netpd-server would only have read access to the
>> things it needs to run, nothing else.
>>
>> .hc
>>
>> On Oct 27, 2005, at 6:40 PM, Roman Haefeli wrote:
>>
>>> hi sven, hi list
>>>
>>> sorry for forwarding this mail to the list, but i think the topic is
>>> interesting for all (future) netpd users.
>>>
>>> you mentioned the security aspects of netpd. i admit that i never cared
>>> seriously about this topic, but i'm aware that netpd could be a
>>> security risk.
>>>
>>> short description of the problem:
>>> with netpd it's possible to upload patches to the computer of all
>>> connected users and control them remotely. since there are some methods
>>> in pd to read or write data from/to harddisk, it would be possible with
>>> netpd to receive this data from a remote computer.
>>>
>>> i'm not a specialist in security questions, so i appreciate any
>>> advice. my first thoughts tend to the direction of filtering out
>>> problematic objects during transmission of a patch. the first thing
>>> that everyone should care about when using netpd is to avoid loading
>>> unused externals. especially the [shell] external is very delicate.
>>>
>>> maybe this is naive, but i think as long as there are only a few users,
>>> using netpd shouldn't be too dangerous, but it absolutely is an aspect
>>> to take care of.
>>>
>>> roman
>>>
>>>
>>> sven <ml.sven at subscience.de> wrote:
>>>
>>>> hi roman,
>>>> if you make netpd public,
>>>> you shouldn't forget
>>>> that it also poses quite a
>>>> security risk...
>>>> are shared patches
>>>> scanned for potential
>>>> dangers?
>>>>
>>>>
>>>> sven.
>>>>
>>
>> ____________________________________________________________________________
>>
>> "[W]e have invented the technology to eliminate scarcity, but we are
>> deliberately throwing it away to benefit those who profit from scarcity."
>>
>>         -John Gilmore
>>

____________________________________________________________________________

                   ¡El pueblo unido jamás será vencido!
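
A sketch of the server-side filter discussed in this thread, added here as an example (it is not netpd or Pd code). It assumes the relayed patch is available as .pd file text; the denylist beyond [shell] and the sample patches are constructed for illustration.

```python
import re

# Assumed denylist: [shell] is named in the thread; the others are Pd objects
# that read or write files. Illustrative, not exhaustive.
DENYLIST = {"shell", "textfile", "qlist", "soundfiler", "readsf~", "writesf~"}

# Pd ends each record with an unescaped ';' (a literal one is written '\;').
RECORD_END = re.compile(r"(?<!\\);")

def records(patch_text):
    """Yield each record of a .pd file as a list of whitespace-split atoms."""
    for raw in RECORD_END.split(patch_text):
        atoms = raw.split()
        if atoms:
            yield atoms

def object_class(atoms):
    """Return the class of a '#X obj <x> <y> <class> ...' record, else None."""
    if len(atoms) >= 5 and atoms[0] == "#X" and atoms[1] == "obj":
        # Drop a library/path prefix such as 'ggee/shell'.
        return atoms[4].rsplit("/", 1)[-1]
    return None

def scan_patch(patch_text, denylist=DENYLIST):
    """Return a sorted list of denylisted object classes used in the patch."""
    found = {c for c in map(object_class, records(patch_text)) if c in denylist}
    return sorted(found)

def relay_allowed(patch_text):
    """Server-side decision: relay the patch to clients only if the scan is clean."""
    return not scan_patch(patch_text)

# Constructed sample patches.
SAFE_PATCH = r"""#N canvas 0 0 450 300 10;
#X obj 50 50 osc~ 440;
#X obj 50 100 dac~;
#X connect 0 0 1 0;
"""
RISKY_PATCH = r"""#N canvas 0 0 450 300 10;
#X text 50 20 no shell here \; really;
#X obj 50 50 ggee/shell;
#X obj 50 100 textfile;
#X connect 0 0 1 0;
"""

if __name__ == "__main__":
    for name, patch in (("safe", SAFE_PATCH), ("risky", RISKY_PATCH)):
        print(name, "relay" if relay_allowed(patch) else "blocked", scan_patch(patch))
```

A denylist only catches the classes it names, so clients should still avoid loading unused externals, as the thread advises.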




