GDAM Documentation
Security of your system is very important. GDAM grants permission to many resources: it uses memory, disk, CPU and sound devices.
We've added a feature to let you connect to the server without listening on any port; this happens automatically if you run gdam-launcher when no server is running. This is a relatively safe mode of operation.
Currently there are few checks in place against attacks that use up all available memory, disk or CPU. If you care, use ulimit or nice to limit the resources gdam has available to it.
However, we've attempted to limit control in two ways:
the authenticator - this grants a user access to certain privileges
Currently we don't have a useful authenticator in GDAM. If you want to help us write one, please contact us.
Access to the user's system is available by: querying and reading files, writing to the disk, reading from and writing to sound devices, loading plugins in the plugin directories, and potentially unlimited use of CPU and memory.
So how do you make a gdam-server fairly secure?
Set the user to nobody and the group to audio.
Make your audio devices readable or writable by group audio (chgrp audio /dev/dsp*), and not by other users (chmod o-rwx /dev/dsp*).
Running gdam-server as root allows you to run it in --realtime mode. This allows gdam to consume all the resources on your computer, and potentially get very low latency in conjunction with the numfragments= and logfragsize= server config options.
gdam will drop permissions when run as root, but it still runs realtime. This means it can entirely crash your computer if it gets confused or falls too far behind. We recommend running in non-realtime mode (or maybe just increasing the priority using renice).
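
The device-permission steps and the ulimit/nice advice above can be checked and applied from one script. This is an added example, not part of GDAM: the function names, the limit values, the use of sudo to switch to nobody and audio, and starting gdam-server without arguments are all assumptions.

```shell
#!/bin/sh
# Added example, not part of GDAM. Assumes Linux, OSS devices at /dev/dsp*,
# and sudo; the limit values in the usage lines are illustrative.

# audit_audio_dev GROUP PATH...
# Succeeds only if every PATH belongs to GROUP, the group has some access,
# and "other" has none (the state chgrp audio + chmod o-rwx should leave).
audit_audio_dev() {
    want=$1; shift
    rc=0
    for dev in "$@"; do
        if [ ! -e "$dev" ]; then
            echo "FAIL $dev: not found"; rc=1; continue
        fi
        # ls -ld fields: 1 = mode string (e.g. crw-rw----), 4 = group name
        info=$(ls -ld -- "$dev" | awk '{print $1, $4}')
        mode=${info% *}
        group=${info#* }
        grp_bits=$(printf '%s' "$mode" | cut -c5-7)
        oth_bits=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$group" != "$want" ]; then
            echo "FAIL $dev: group is $group, expected $want"; rc=1
        elif [ "$grp_bits" = "---" ]; then
            echo "FAIL $dev: group $want has no access"; rc=1
        elif [ "$oth_bits" != "---" ]; then
            echo "FAIL $dev: other users have '$oth_bits'"; rc=1
        else
            echo "ok   $dev ($mode, group $group)"
        fi
    done
    return "$rc"
}

# run_limited MEM_KB FILE_BLOCKS NICENESS COMMAND [ARG...]
# Caps address space and largest writable file, lowers CPU priority, then
# runs COMMAND. The subshell keeps the limits away from the calling shell.
# Units are shell-specific: bash takes KiB for -v and 1024-byte blocks for -f.
run_limited() {
    mem=$1; blocks=$2; prio=$3; shift 3
    (
        ulimit -v "$mem" || exit 1
        ulimit -f "$blocks" || exit 1
        exec nice -n "$prio" "$@"
    )
}

# Typical use as root (commented out so sourcing this file changes nothing):
# audit_audio_dev audio /dev/dsp* &&
#     run_limited 524288 1048576 10 sudo -u nobody -g audio gdam-server
```

The audit only reports; fix any FAIL line with the chgrp and chmod commands given above before starting the server.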