[feature requests] Enhance security

[abcnorio]

Dear all,

some security feature requests for comfyui manager to minimize blind installs of code - this means effort for users, but that's part of the game - first use common sense:

• never install an addon or whatever by just push the button incl. deps

• show all actions before doing anything + locations where things will be stored

• per default run via pip install ... --dry-run + create logfile, this downloads already requirements but does nothing

• show logfile, extract URLs + IPs that were contacted while installing (may require some root access to use apps like wireshark) + logfile

• give time to check files downloaded, list all python files with code, if there is some malware/ virus scanner call it on the newly downloaded files/ folders

• create md5s from all files downloaded + logfile

• ask to install and only then install

• habitually: log all internet connections while working with comfyui (may require root access)

The effort here requires the user to use common sense before installing, some may complain about being too difficult, too much effort, so an overall button like "secure install" vs. "non-secure install( use at your own risk" is recommended.

Till then as a user best is to do everything manually:

• git clone
• inspect + check files
• log IPs contacted, DNS queries
• pip install in dry-run mode

Even if that sounds like "effort" I do that all the time because requirement can break the conda/pyenv anyway so this is essential to check before applying it. Sometimes it is easier to clone a conda env before installing anything to be sure things are not messed up.

Of course this does not prevent malware code etc. but it may make it harder, easier track down problems, etc.

More security comes only with secured containers (e.g. systemd-nspawn) or restricted VMs with GPU passthrough, esp. disconnect comfyui from the net except for installs and work, and restrict IP /DNS access for such containers/ VMs. This enhances security much more + keep a backup for immediate replacement after any possible infection.

[ltdrdata]

Work is in progress to verify on the server side and ensure that only validated installation files can be installed by users.
(Currently, the structure allows for custom node installation through git, but in the future, this method will be labeled as a "nightly" version and treated as an unverified installation method. The default installation method will be to install verified archive through comfyregistry.)

Your suggestion will be taken into consideration for the security verification process.

Thank you for the suggestion.

[abcnorio]

Thanks, sounds great! Thanks for your hard work, security is not an easy thing!

Privately I work on a easy way to use systemd-nspawn along with iptables rules + dnsmasq + logging and IP extraction + restrictions. At least for *nix users this can enhance the whole thing, won't 100% prevent from malware infection, but if infected an attacker will not get filesystem data nor browser data nor any network access except for whitelisted IPs/ domains, esp. no LAN access. ComfyUI runs as user, a PRO could add some apparmor profiles (that's beyond my skills).

GPU passthrough into systend-nspawn works pretty well and Comfyui + ComfyuiManager work as expected. The container has its own browser which remains "empty". You can maintain conda envs parallel to each other and bind folders with models as r/o from the host (this is no security hole!).