
scsynth's network socket should bind to 127.0.0.1 by default rather than 0.0.0.0 #4496

Closed
snappizz opened this issue Jul 21, 2019 · 4 comments

Comments

@snappizz
Member

commented Jul 21, 2019

Environment

  • SuperCollider version: 3.10.2

Description

supercollider is intended to be run on local machines, and security is not really a top priority for the platform. however, right now, scsynth binds its UDP or TCP socket to 0.0.0.0 by default:

https://github.com/supercollider/supercollider/blob/develop/server/scsynth/scsynth_main.cpp#L140

which means that it listens on all interfaces. usually this means that anyone in your local network can mess with scsynth, which isn't what 99% of users want. even laptop ensembles tend to have everyone run their own client/server and most of the communication happens between clients.

simply changing this to 127.0.0.1 will be a more reasonable default configuration. this will not affect most users, but will impact people doing networked clients, who will need to set -B 0.0.0.0. see #4497.

disclaimer: i am not really great with network programming, so any insight from someone who knows better would be greatly appreciated!

Securing an existing supercollider installation

until this is fixed, this hack can secure scsynth by placing it in your startup file:

Server.program = "scsynth -B 127.0.0.1";

What about supernova?

supernova, as far as i can tell, does not support the -B flag, so getting supernova up to speed with scsynth is more involved. i'm not personally interested in maintaining supernova anymore, so i can't help with such issues.
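As an added example (not from the issue or the SuperCollider project): a small Python check that reads the bind address out of a Server.program command string via the -B option the issue describes, classifies it as loopback-only or network-reachable, and confirms that a UDP socket bound to 127.0.0.1 still accepts local traffic. The argument parsing, the 0.0.0.0 fallback and the datagram payload are assumptions for illustration.

```python
import ipaddress
import shlex
import socket

# Assumed default when no -B option is given, as the issue describes for 3.10.2.
DEFAULT_BIND = "0.0.0.0"


def bind_address(program: str) -> str:
    """Return the address scsynth would bind to for a Server.program string.

    Looks for the -B option; falls back to the assumed 0.0.0.0 default.
    """
    args = shlex.split(program)
    for i, arg in enumerate(args):
        if arg == "-B" and i + 1 < len(args):
            return args[i + 1]
    return DEFAULT_BIND


def is_loopback_only(addr: str) -> bool:
    """True if the bind address only accepts traffic from the local host.

    0.0.0.0 (all IPv4 interfaces) and any LAN address return False.
    """
    return ipaddress.ip_address(addr).is_loopback


def audit(program: str) -> dict:
    """Summarise the exposure of a Server.program setting."""
    addr = bind_address(program)
    return {"bind": addr, "loopback_only": is_loopback_only(addr)}


def loopback_roundtrip(bind_addr: str = "127.0.0.1") -> bool:
    """Bind a UDP socket to the loopback address (port 0 = any free port) and
    confirm a datagram sent from another local socket still arrives, i.e. the
    hardened default keeps local clients working."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind((bind_addr, 0))
        server.settimeout(1.0)
        payload = b"constructed-sample"  # constructed, not a real OSC message
        client.sendto(payload, server.getsockname())
        data, _ = server.recvfrom(64)
        return data == payload
```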

@snappizz snappizz changed the title scsynth'should bind to 127.0.0.1 by default rather than 0.0.0.0 scsynth's network socket hould bind to 127.0.0.1 by default rather than 0.0.0.0 Jul 21, 2019

@snappizz snappizz changed the title scsynth's network socket hould bind to 127.0.0.1 by default rather than 0.0.0.0 scsynth's network socket should bind to 127.0.0.1 by default rather than 0.0.0.0 Jul 21, 2019

@snappizz snappizz added the API change label Jul 21, 2019

@snappizz snappizz added this to the 3.11 milestone Jul 23, 2019

@snappizz snappizz added this to To do in 3.10.3 Release Jul 28, 2019

@snappizz

Member Author

commented Jul 28, 2019

at today's dev meeting @jrsurge suggested that this might be the root cause of #4362 and some other permissions issues on Windows.

edit: turns out it is probably not responsible for either unfortunately.

@snappizz

Member Author

commented Jul 30, 2019

@joshpar and i have been discussing whether this should go into 3.10.3 or 3.11. it technically constitutes a breaking change for people who rely on the 0.0.0.0 behavior, in particular users of networked servers, and properly fixing #4497 means adding a small new feature.

normally, breaking changes + small new features = delay to 3.11. but this is such an alarming (and embarrassing) security misconfiguration that pushing it into 3.10.3 seems to be the better choice. if anyone feels differently then please let me know.

@snappizz snappizz moved this from To do to In progress in 3.10.3 Release Jul 30, 2019

snappizz added a commit to snappizz/supercollider that referenced this issue Jul 30, 2019

scsynth: Set default socket address to 127.0.0.1
This commit changes the default socket address, user-settable from the command line via the -B option, to 127.0.0.1 rather than 0.0.0.0. For most users running laptops connected to wifi, 0.0.0.0 is a dangerous default, since it allows anyone on the local network to send OSC messages to scsynth.

See issue supercollider#4496 for more explanation.
@snappizz snappizz referenced this issue Jul 30, 2019
@muellmusik

Contributor

commented Jul 30, 2019

I suppose the main thing is that this change is prominently and clearly documented so that people's network music systems don't break mysteriously.

I guess a more complete fix would be an extension of password support to UDP? We've sometimes wondered about the issue of running network music systems on mixed networks. It's not always practical to make your own network, so increased security would be nice.

With that feature you could add another layer of default security by having the lang randomly generate a password at server launch if one is not specified.

@snappizz snappizz moved this from In progress to In Review in 3.10.3 Release Aug 1, 2019

@snappizz snappizz removed this from In Review in 3.10.3 Release Aug 4, 2019

snappizz added a commit to snappizz/supercollider that referenced this issue Aug 9, 2019

scsynth: Set default socket address to 127.0.0.1
@snappizz

Member Author

commented Aug 10, 2019

@muellmusik yeah for sure -- i'll advertise this change heavily in the changelog and such

closing as this is fixed in #4516

@snappizz snappizz closed this Aug 10, 2019

jpburstrom added a commit to jpburstrom/supercollider that referenced this issue Aug 21, 2019

scsynth: Set default socket address to 127.0.0.1