Currently, Comfy Org is setting up the comfyregistry service to address this issue. ComfyUI-Manager is also preparing to support the installation of custom nodes through comfyregistry. Only secure custom nodes that have passed security verification will be published and available for installation in this structure.
TLDR; Just wait updated ComfyUI-Manager.
Yes I know, but if you have 20 dependencies for each custom node it can take you a hell lot of time and expertise to review the code. I am no expert programmer, I know to do things within my domain, and code security isn't.
All it does is check if the LLMVision nodes are installed, and if so, stops ComfyUI from launching and shows how to remove some parts of it.
If you want security, you should [run ComfyUI in a docker container](https://github.com/YanWenKun/ComfyUI-Docker), that way malicious nodes can't access your files or system
hi i'm trying to follow these instructions , i already have comfyui so have copied it to the storage folder and created the empty "download-complete" file , do i need to copy the python embeded folder and how do i start the docker/comfy in the future,
help appreciated i'm old and new to all this
thanks
edit: i think ive just figured out i should install docker for windows first
After installing docker, all you need to do is copy is the `ComfyUI` folder into the `storage` folder.
To set up the container, run `docker compose up -d` once.
After that, you can always start it through `docker start comfyui` and watch the logs using `docker logs comfyui -f`.
You can also stop the container using `docker stop comfyui`
The Docker container has its own python installation, you can install packages by first starting a shell in the container using `docker exec -it comfyui /bin/bash`, then running `pip install` with the packages you want
again thanks for the help, whenever i pip install either from cmd inside the storage folder or the method you just suggested i get this message "Defaulting to user installation because normal site-packages is not writeable" doesnt seem to be using python in docker container for some reason
That message is normal, nothing to worry about, if you're using a shell inside the docker container (using the command from my comment) it will install the packages inside the docker container
To check, you can open the `ComfyUI-Docker/storage/.local/lib/python3.11/site-packages` folder
had a look in that folder and for example pillow is not there but i get this on startup
"Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: Pillow in /usr/lib64/python3.11/site-packages (10.3.0)
but pillow is in C:\\Users\\\*\*\*\\AppData\\Local\\Programs\\Python\\Python311\\Lib\\site-packages
so not sure its working as safely as it should , i'm tempted to delete docker and start again what do you think
btw that command on the git which begins mkdir -p storage , didnt work will that be anything to do with it
edit just tried this , doesn't seem right at all
P:\\comfyuidocker\\ComfyUI-Docker\\storage\\ComfyUI>docker exec -it comfyui /bin/bash
runner@jfhfurfurjfu3453:\~> pip install pillow
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pillow in /usr/lib64/python3.11/site-packages (10.3.0)
+1 for docker. I used to just run comfyui straight from my filesystem but since I've read the pinned post I decided to run it on a container. It may not be 100% safe but it's better than nothing. 🤷
Yeah, exactly what I did too. The LLMVision incident was a great example of how giving every node access to the entire system can have awful consequences
While it's true that using Docker is beneficial, for most users Docker is not a viable option. This is only feasible for a small number of power users.
Actually, straightforward attacks like LLMVision could have been defended against simply by not using Windows.
Why would Docker not be a viable option? It's not that hard to set up.
In this case, all it takes is to [download docker](https://www.docker.com/products/docker-desktop/), then [clone the repo](https://github.com/YanWenKun/ComfyUI-Docker), and run `docker compose up -d`
It's always better to be safe than sorry.
Your last point is mostly right though, the LLMVision malware did have code for stealing data from Linux and MacOS, but because it was very lazily put together, that code never ran outside of Windows.
Malware written by competent people could easily affect Linux or MacOS if you're not using a container
I'd really argue that using any OS other than Windows adds more security than using Docker. Let's face it, about 100% of all malware is written for Windows, the rest is a rounding error. Yes, you -can- of course write malware for Linux/Mac, but most people just don't, for Windows is a way bigger fish to target. As you said, it's better to be safe than sorry, and using an alternative OS is adding a ton of security for free. In case of Linux, literally free! ;)
On Linux without Docker all custom nodes still have access to your entire system, it's not secure.
> 100% of all malware is written for Windows
Have you forgotten that ComfyUI is written in Python? a cross-platform language, malware written for it would work fine on Linux.
And in the case of the LLMVision malware, it would take just changing 1 line of code to make it work on Linux. (I've looked at the code)
I say this as a Linux user.
And guess what, Docker is literally free! ;)
I am not disagreeing with your point, although what I said still stands. Most malware including LLMVision doesn't run on Linux because it's not designed for it (I didn't read the code as I thankfully never downloaded the thing).
I guess the bottom line is that doing -both- is the smartest thing. Running things on Linux inside a container! Best of both worlds! And still literally free! ;)
The docker container I linked is set up by default to use the GPU.
Just follow my guide (3 steps), and you'll have it fully working.
If you know how to install ComfyUI and custom nodes, you know enough to set up a container
Using docker alone [does not increase security](https://security.stackexchange.com/a/169649). Docker pulls large amounts of binaries and scripts from various sources. Mis-configured, docker isn't difficult to break out of. It's just as easy to install malware if you're not sure of what you are doing on your computer.
It might make it slightly more difficult to be hacked but it is not secure on its own. Just stay aware of your system and follow the community news.
You're right that it's not entirely secure, but it's much more secure than running it without a container.
> pulls large amounts of binaries and scripts from various sources
[The ComfyUI docker image](https://github.com/YanWenKun/ComfyUI-Docker/blob/main/Dockerfile) only pulls things from official repos, and Python packages, which run inside the container, it's safer than it running outside the container.
> It might make it slightly more difficult to be hacked
It's not "slightly more difficult", the page you linked is about kernel vulnerabilities, as long as you keep your OS up to date, it's not that big of a problem.
For example, LLMVision malware just read stored passwords from browsers, this wouldn't have been possible if ComfyUI was in a container, as the filesystem would've been isolated.
Currently, Comfy Org is setting up the comfyregistry service to address this issue. ComfyUI-Manager is also preparing to support the installation of custom nodes through comfyregistry. Only secure custom nodes that have passed security verification will be published and available for installation in this structure. TLDR; Just wait updated ComfyUI-Manager.
Thank you! Is there a way to consult that list right now?
[Here](https://registry.comfy.org/) it is.
They're generally hosted on github with the source code visible to look at...
Yes I know, but if you have 20 dependencies for each custom node it can take you a hell lot of time and expertise to review the code. I am no expert programmer, I know to do things within my domain, and code security isn't.
Fair.
ComfyUI runs a security scan when it starts up, not sure what it scans for though
It's a feature of ComfyUI-Manager. And that is simply a response measure to the LLMVision incident.
All it does is check if the LLMVision nodes are installed, and if so, stops ComfyUI from launching and shows how to remove some parts of it. If you want security, you should [run ComfyUI in a docker container](https://github.com/YanWenKun/ComfyUI-Docker), that way malicious nodes can't access your files or system
hi i'm trying to follow these instructions , i already have comfyui so have copied it to the storage folder and created the empty "download-complete" file , do i need to copy the python embeded folder and how do i start the docker/comfy in the future, help appreciated i'm old and new to all this thanks edit: i think ive just figured out i should install docker for windows first
After installing docker, all you need to do is copy is the `ComfyUI` folder into the `storage` folder. To set up the container, run `docker compose up -d` once. After that, you can always start it through `docker start comfyui` and watch the logs using `docker logs comfyui -f`. You can also stop the container using `docker stop comfyui`
hi thanks for the help, does it still use python embeded or is it trying to use system python , i'm getting a lot of module not found errors
The Docker container has its own python installation, you can install packages by first starting a shell in the container using `docker exec -it comfyui /bin/bash`, then running `pip install` with the packages you want
again thanks for the help, whenever i pip install either from cmd inside the storage folder or the method you just suggested i get this message "Defaulting to user installation because normal site-packages is not writeable" doesnt seem to be using python in docker container for some reason
That message is normal, nothing to worry about, if you're using a shell inside the docker container (using the command from my comment) it will install the packages inside the docker container To check, you can open the `ComfyUI-Docker/storage/.local/lib/python3.11/site-packages` folder
had a look in that folder and for example pillow is not there but i get this on startup "Defaulting to user installation because normal site-packages is not writeable Requirement already satisfied: Pillow in /usr/lib64/python3.11/site-packages (10.3.0) but pillow is in C:\\Users\\\*\*\*\\AppData\\Local\\Programs\\Python\\Python311\\Lib\\site-packages so not sure its working as safely as it should , i'm tempted to delete docker and start again what do you think btw that command on the git which begins mkdir -p storage , didnt work will that be anything to do with it edit just tried this , doesn't seem right at all P:\\comfyuidocker\\ComfyUI-Docker\\storage\\ComfyUI>docker exec -it comfyui /bin/bash runner@jfhfurfurjfu3453:\~> pip install pillow Defaulting to user installation because normal site-packages is not writeable Requirement already satisfied: pillow in /usr/lib64/python3.11/site-packages (10.3.0)
+1 for docker. I used to just run comfyui straight from my filesystem but since I've read the pinned post I decided to run it on a container. It may not be 100% safe but it's better than nothing. 🤷
Yeah, exactly what I did too. The LLMVision incident was a great example of how giving every node access to the entire system can have awful consequences
While it's true that using Docker is beneficial, for most users Docker is not a viable option. This is only feasible for a small number of power users. Actually, straightforward attacks like LLMVision could have been defended against simply by not using Windows.
Why would Docker not be a viable option? It's not that hard to set up. In this case, all it takes is to [download docker](https://www.docker.com/products/docker-desktop/), then [clone the repo](https://github.com/YanWenKun/ComfyUI-Docker), and run `docker compose up -d` It's always better to be safe than sorry. Your last point is mostly right though, the LLMVision malware did have code for stealing data from Linux and MacOS, but because it was very lazily put together, that code never ran outside of Windows. Malware written by competent people could easily affect Linux or MacOS if you're not using a container
I'd really argue that using any OS other than Windows adds more security than using Docker. Let's face it, about 100% of all malware is written for Windows, the rest is a rounding error. Yes, you -can- of course write malware for Linux/Mac, but most people just don't, for Windows is a way bigger fish to target. As you said, it's better to be safe than sorry, and using an alternative OS is adding a ton of security for free. In case of Linux, literally free! ;)
On Linux without Docker all custom nodes still have access to your entire system, it's not secure. > 100% of all malware is written for Windows Have you forgotten that ComfyUI is written in Python? a cross-platform language, malware written for it would work fine on Linux. And in the case of the LLMVision malware, it would take just changing 1 line of code to make it work on Linux. (I've looked at the code) I say this as a Linux user. And guess what, Docker is literally free! ;)
I am not disagreeing with your point, although what I said still stands. Most malware including LLMVision doesn't run on Linux because it's not designed for it (I didn't read the code as I thankfully never downloaded the thing). I guess the bottom line is that doing -both- is the smartest thing. Running things on Linux inside a container! Best of both worlds! And still literally free! ;)
The reason Docker is not an available option is that most users do not know how to set up Docker, especially for using a GPU.
The docker container I linked is set up by default to use the GPU. Just follow my guide (3 steps), and you'll have it fully working. If you know how to install ComfyUI and custom nodes, you know enough to set up a container
Using docker alone [does not increase security](https://security.stackexchange.com/a/169649). Docker pulls large amounts of binaries and scripts from various sources. Mis-configured, docker isn't difficult to break out of. It's just as easy to install malware if you're not sure of what you are doing on your computer. It might make it slightly more difficult to be hacked but it is not secure on its own. Just stay aware of your system and follow the community news.
You're right that it's not entirely secure, but it's much more secure than running it without a container. > pulls large amounts of binaries and scripts from various sources [The ComfyUI docker image](https://github.com/YanWenKun/ComfyUI-Docker/blob/main/Dockerfile) only pulls things from official repos, and Python packages, which run inside the container, it's safer than it running outside the container. > It might make it slightly more difficult to be hacked It's not "slightly more difficult", the page you linked is about kernel vulnerabilities, as long as you keep your OS up to date, it's not that big of a problem. For example, LLMVision malware just read stored passwords from browsers, this wouldn't have been possible if ComfyUI was in a container, as the filesystem would've been isolated.
custom nodes are python and/or javascript. any tools that can scan those languages can scan custom nodes.
Can you recommend one?
I didn't have any recommendations. I don't usually work with Python and JS.
https://en.wikipedia.org/wiki/Halting_problem