[PD] [netpd] everybody is invited to join the collaborative music-project

Roman Haefeli reduzierer at yahoo.de
Fri Nov 4 15:59:14 CET 2005


"Hans-Christoph Steiner" <hans at eds.org> wrote:
> Ah yes, so the key there is to filter out or block the dangerous
> objects at the server. That should be so hard to implement, but making
> it pretty might be difficult.


yes, it wouldn't be too hard to implement such a filter. it's more, that
some obj, that are actually critical, are used in some of my patches,
for example [msgfile]. even if critical objects would be filtered out,
it would still be possible to make a patch that dynamically creates such
objects.

i don't know a suitable solution yet...

lg
roman


On Nov 3, 2005, at 5:22 AM, Roman Haefeli wrote:

> hi hc
>
> thank you for your advice. the problem of security concerns not the
> netpd-server, but every client. the server is rather simple and just
> passes received data to all connected clients. the problem is, that
> everyone can upload his own patches to the other users machine and
> control them over netpd. theoretically it would be possible to write a
> patch, that reads textfiles on the remote machine and send the content
> back to the 'hackers' machine. with the shell-obj someone could even do
> everything with the privileges of the user, that started netpd on the
> remote machine.
>
> i don't know yet, how to solve these problems. the most important thing
> is, that every netpd-user is aware of them.
>
> cheers
> roman
>
> On Wed, 2 Nov 2005 21:57:51 -0500
> Hans-Christoph Steiner <hans at eds.org> wrote:
>
>>
>> The way to make netpd-server secure is to run it as a specific run that
>> doesn't have access to anything except the bare minimum of what it
>> needs.   I would create a "netpd" account on your server, then start up
>> pd as that user when running netpd-server.  No matter what the hacker
>> does, they won't be able to get to anything that the "netpd" user
>> doesn't have access to.
>>
>> The next step would be to run pd/netpd-server as "chroot", which would
>> take some setup.  Basically it's a way of tightly restricting access to
>> the filesystem so that netpd-server would only have read access to the
>> things it needs to run, nothing else.
>>
>> .hc
>>
>> On Oct 27, 2005, at 6:40 PM, Roman Haefeli wrote:
>>
>>> hi sven, hi list
>>>
>>> sorry for forwarding this mail to the list, but i think the topic
>>> is interesting for all (future) netpd users.
>>>
>>> you mentioned the security aspects of netpd. i admit that i never
>>> cared
>>> seriously about this topic, but i'm aware that netpd could be a
>>> security
>>> risk.
>>>
>>> short description of the problem:
>>> with netpd it's possible to upload patches to the computer of all
>>> connected users and control them remotely. since there are some
>>> methods
>>> in pd to read or write data from/to harddisk, it would be possible
>>> with
>>> netpd to receive this data from a remote computer.
>>>
>>> i'm not a specialist in security questions, so i appreciate every
>>> advice. my first thoughts tend to the direction of filtering out
>>> problematic objects during transmission of a patch. the first thing
>>> that
>>> everyone should care when using netpd is to avoid loading not used
>>> externals. especially the [shell] external is very delicate.
>>>
>>> maybe this is naive, but i think as long as there are only a few
>>> users,
>>> using netpd shouldn't be too dangerous, but it absolutely is an
>>> aspect
>>> to take care of.
>>>
>>> roman
>>>
>>>
>>> sven <ml.sven at subscience.de> wrote:
>>>
>>>> hi roman,
>>>> if you make netpd public,
>>>> you should not forget
>>>> that it also poses quite a
>>>> security risk...
>>>> are shared patches
>>>> scanned for potential
>>>> dangers?
>>>>
>>>>
>>>> sven.
>>>>
>>>
>>>
>>> _______________________________________________
>>> PD-list at iem.at mailing list
>>> UNSUBSCRIBE and account-management ->
>>> http://lists.puredata.info/listinfo/pd-list
>>>
>>
>>
>> __________________________________________________________________________
>>
>> "[W]e have invented the technology to eliminate scarcity, but we are
>> deliberately throwing it
>> away to benefit those who profit from scarcity."
>>
>>         -John Gilmore
>>
>
>

____________________________________________________________________________

                   ¡El pueblo unido jamás será vencido!
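
The filter discussed in this thread, and its limit, sketched in Python as an added example (not code from netpd or from any poster): it flags denylisted object classes in a patch's text and, separately, any atom naming a `pd-` canvas receiver, since objects created at runtime never appear in the file. The denylist contents, the reason labels and both sample patches are assumptions constructed for illustration.

```python
import re

# Assumed denylist: only the two objects the thread names as critical.
DENYLIST = {"shell", "msgfile"}

# Constructed sample in Pd's text patch format (each record ends with ';').
STATIC_PATCH = r"""#N canvas 0 0 450 300 10;
#X obj 30 30 osc~ 440;
#X obj 30 60 shell;
#X msg 30 90 \; pd-target obj 10 10 msgfile;
"""

# Constructed sample: the class name arrives at runtime as \$1, so no
# denylisted name appears anywhere in the file.
DYNAMIC_PATCH = r"""#N canvas 0 0 450 300 10;
#X obj 30 30 r remote-in;
#X msg 30 60 obj 10 10 \$1;
#X obj 30 90 send pd-target;
#X connect 0 0 1 0;
#X connect 1 0 2 0;
"""

def records(text):
    """Yield each record as a list of atoms; split on unescaped ';'."""
    for rec in re.split(r"(?<!\\);", text):
        atoms = rec.split()
        if atoms:
            yield atoms

def scan_patch(text):
    """Return (record_no, reason, atom) findings for one patch."""
    findings = []
    for n, atoms in enumerate(records(text), 1):
        if atoms[0] != "#X" or len(atoms) < 5 or atoms[1] not in ("obj", "msg"):
            continue
        body = atoms[4:]  # skip "#X", kind, x, y
        if atoms[1] == "obj" and body[0] in DENYLIST:
            findings.append((n, "denied-object", body[0]))
        if atoms[1] == "msg":
            findings += [(n, "denied-name-in-msg", a) for a in body if a in DENYLIST]
        # Canvases receive messages as "pd-<name>"; a patch that sends there
        # can create objects at runtime that this scan never sees.
        findings += [(n, "canvas-receiver", a) for a in body if a.startswith("pd-")]
    return findings

if __name__ == "__main__":
    for name, patch in (("static", STATIC_PATCH), ("dynamic", DYNAMIC_PATCH)):
        print(name, scan_patch(patch))
```

For the second sample the denylist reports nothing; only the `pd-` receiver heuristic fires, which is why a name filter alone does not settle the problem raised here.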

