On the MuseScore forums there is broad concern over MuseHub's use of root-owned background services, in any case on MacOS and Linux. (The Windows situation is unknown to me.)
Brief summary of the situation in MacOS (that on Linux is similar, although the details differ):
Upon installation, MuseHub installs a helper application that runs as root. It sits in /Library/PrivilegedHelperTools and is called com.muse.museservice.
This service runs permanently and only stops when MuseHub is uninstalled. It opens bittorrent ports. Its apparent functions are:
- To run as bittorrent host for downloading software and content such as MuseScore and MuseSounds
- To install downloaded items without user intervention.
Running a root-privileged process without need is considered bad practice and in fact presents an unknown danger to the integrity and privacy of the system. This danger is even greater if the process has ports open to the outside.
For the above mentioned purposes there is no need for root privileges, except perhaps to avoid asking the user for permission when a new version of the software or other content is ready to be installed. That would be no big deal, and in fact is the preferred way according to most who have spoken out on the forums.
Please realize that all MuseHub users are now exposed to the danger of having their computers compromised or even hijacked, and please fix the issue on the shortest possible term.
Following are links to the two Issues submitted to the MuseScore issue tracker. Many other forum topics deal with the problem, all with the same conclusion: this is dangerous and cannot continue.
Sorry if I am the bringer of bad news. No bad intentions here. I hope this will quickly become a thing of the past, and all can enjoy the great features of MuseHub without worry. Thank you.
Please sign in to leave a comment.