Security Hardening Suggestions

  • Ports 63342 to 63391 are built-in server ports of MindStudio and can be used to open local web services, HTML files, and XML files. To improve security, it is recommended that this port range be used only locally and not be opened to other devices on the firewall.
  • Ports 6942 to 6991 are bound to a single instance of the MindStudio process to prevent multiple IDE processes from being started. These ports are not used for communication. To improve security, it is recommended that this port range be used only locally and not be opened to other devices on the firewall.
  • During remote execution, related files are transferred to the remote end. To improve security, you are advised to set the umask value of the remote user to 0027 and to select a personal user path as the remote path. If an exception occurs during the build of the ONNX operator, you need to set the permission on the google/protobuf directory of the dependency package to 755.
  • Try to depend on the CANN package installed by the current user, or ensure that the common user who installs the CANN package is trusted, to avoid privilege escalation risks.
  • If you start MindStudio as the root user and select a file in the common user path on the configuration page or configure environment variables to the common user path, privilege escalation risks may occur. You are advised to start MindStudio as a common user.
  • For files and logs generated by invoking third-party components through MindStudio, ensure that their permissions are minimized.
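
The port and umask suggestions above can be checked from a shell. The following is an added example, not part of the MindStudio documentation: it filters `ss -H -ltn` output for listeners in the two port ranges that are bound to a non-loopback address, and tests whether a umask is at least as strict as 0027. The function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MindStudio's own tooling).

# Reads `ss -H -ltn` lines on stdin and prints every listener inside the
# ranges 63342-63391 / 6942-6991 that is NOT bound to a loopback address.
exposed_mindstudio_listeners() {
    awk '
    {
        addr = $4                          # "Local Address:Port" column
        n = split(addr, p, ":")
        port = p[n] + 0                    # text after the last colon
        host = substr(addr, 1, length(addr) - length(p[n]) - 1)
        if (!((port >= 63342 && port <= 63391) || (port >= 6942 && port <= 6991))) next
        # Loopback forms: 127.0.0.0/8, ::1, and IPv4-mapped 127.x
        if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
        print addr
    }'
}

# Succeeds when the given umask masks at least the bits of 0027
# (group write plus all "other" bits). Octal 027 is decimal 23.
umask_is_0027_or_stricter() {
    [ $(( 0$1 & 027 )) -eq 23 ]
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 50 127.0.0.1:63342 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:6942 *:*
LISTEN 0 50 0.0.0.0:63343 0.0.0.0:*
LISTEN 0 50 *:6943 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

audit() {
    # Live use on the MindStudio host: ss -H -ltn | exposed_mindstudio_listeners
    printf '%s\n' "$SAMPLE_SS" | exposed_mindstudio_listeners
    # Run as the remote user on the remote end to check its umask.
    umask_is_0027_or_stricter "$(umask)" || echo "umask $(umask) is looser than 0027"
}

audit
```

Any line printed by `exposed_mindstudio_listeners` is a listener reachable from other devices unless the host firewall blocks it.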