Insecure usage recommendations #173

Open
joakim opened this issue Dec 6, 2024 · 6 comments

@joakim

joakim commented Dec 6, 2024

Exposing ollama on a public port is a bad idea.

https://thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html

> Oligo said it found 9,831 unique internet-facing instances that run Ollama, with a majority of them located in China, the U.S., Germany, South Korea, Taiwan, France, the U.K., India, Singapore, and Hong Kong. One out of four internet-facing servers has been deemed vulnerable to the identified flaws.
>
> "Exposing Ollama to the internet without authorization is the equivalent to exposing the Docker socket to the public internet, because it can upload files and has model pull and push capabilities (that can be abused by attackers)," Lumelsky noted.

Why can't Enchanted access ollama on 127.0.0.1?

@Josh-Voyles

Would the dev be open to someone (or me) compiling instructions for how to set up with Tailscale? With Tailscale, you should be able to access your home instance with any of your devices connected to your tailnet.

@joakim
Author

joakim commented Dec 9, 2024

If privacy is the reason for running ollama locally, I wouldn't use a privately owned VPN company. But with regards to security, it might be good enough for most.

I just want to access ollama on 127.0.0.1:11434. Why go to the trouble of using VPNs and online services when it's right there on the same machine? Am I missing something?

@Josh-Voyles

> If privacy is the reason for running ollama locally, I wouldn't use a privately owned VPN company. But with regards to security, it might be good enough for most.
>
> I just want to access ollama on 127.0.0.1:11434. Why go to the trouble of using VPNs and online services when it's right there on the same machine? Am I missing something?

If I'm traveling, having a dedicated home server is going to be much more powerful than running locally. For the VPN, with Tailscale, you're the VPN provider. Tailscale just initiates the connection.

@joakim
Author

joakim commented Dec 9, 2024

I see. I admit I only took a cursory look at Tailscale. I do see the usefulness of a setup like that for mobile use, I'm just naturally suspicious of venture capital funded companies.

@Josh-Voyles

> I see. I admit I only took a cursory look at Tailscale. I do see the usefulness of a setup like that for mobile use, I'm just naturally suspicious of venture capital funded companies.

For what it's worth, you could also run the open-source fork Headscale.

@joakim
Author

joakim commented Dec 9, 2024

Thanks for the tip, that's more down my alley :)
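
A defender-side check for the exposure discussed in this thread, added here as an example and not part of the issue or of the Enchanted or Ollama code: it reads `ss -ltn` output (numeric ports assumed) and reports whether the listener on port 11434 is bound to loopback only. The function names and the sample `ss` lines are constructed for illustration.

```python
import ipaddress

OLLAMA_PORT = 11434  # port named in the thread

# Constructed sample `ss -ltn` lines (not captured from a real host).
SAMPLE_LOCAL = "LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*\nLISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
SAMPLE_EXPOSED = "LISTEN 0 4096 *:11434 *:*\nLISTEN 0 4096 [::1]:11434 [::]:*\n"

def split_local(addr_port):
    """Split ss's 'Local Address:Port' field into (host, port)."""
    host, _, port = addr_port.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%", 1)[0], int(port)

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific-interface'."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    ip = getattr(ip, "ipv4_mapped", None) or ip  # treat ::ffff:127.0.0.1 as IPv4
    return "loopback" if ip.is_loopback else "specific-interface"

def audit(ss_output, port=OLLAMA_PORT):
    """List (local_address, classification) for every listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, local_port = split_local(fields[3])
        if local_port == port:
            findings.append((fields[3], classify(host)))
    return findings

def is_local_only(findings):
    """True only if a listener exists and every one is loopback-bound."""
    return bool(findings) and all(kind == "loopback" for _, kind in findings)

if __name__ == "__main__":
    for name, sample in (("local", SAMPLE_LOCAL), ("exposed", SAMPLE_EXPOSED)):
        found = audit(sample)
        print(name, found, "local-only" if is_local_only(found) else "REACHABLE FROM NETWORK")
```
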
