World Community Grid - View Thread - BOINC installed as a service

World Community Grid Forums

Category: Support

Forum: BOINC Agent Support

Thread: BOINC installed as a service

Quick Go »

No member browsing this thread

Thread Status: Active
Total posts in this thread: 3

[ ]

Author

This topic has been viewed 751 times and has 2 replies

schepers
Advanced Cruncher
Canada
Joined: Oct 11, 2006
Post Count: 85
Status: Offline
Project Badges:

100 year badge for Human Proteome Folding - Phase 2

5 year badge for Discovering Dengue Drugs - Together

10 year badge for Nutritious Rice for the World

1 year badge for The Clean Energy Project

50 year badge for Help Fight Childhood Cancer

2 year badge for Influenza Antiviral Drug Search

50 year badge for Help Cure Muscular Dystrophy - Phase 2

90 day badge for Discovering Dengue Drugs - Together - Phase 2

20 year badge for Computing for Clean Water

50 year badge for Drug Search for Leishmaniasis

20 year badge for GO Fight Against Malaria

1 year badge for Computing for Sustainable Water

200 year badge for Mapping Cancer Markers

20 year badge for Uncovering Genome Mysteries

50 year badge for Outsmart Ebola Together

50 year badge for FightAIDS@Home - Phase 2

10 year badge for Smash Childhood Cancer

50 year badge for Microbiome Immunity Project

20 year badge for Africa Rainfall Project

50 year badge for OpenPandemics - COVID-19


BOINC installed as a service

I've tried mailing Rom Walton on this question, but can't see how to post on his BOINC forum.

Is there a particular reason the BOINC installer, when installing as a service, requires having account credentials to run the service under? I'm testing a BOINC install where I've converted the service to "Local System" which requires no credentials and it appears to work OK for the 5 days it's been up. I know UD works this way fine as I ran it for over a month.

I don't run BOINC under c:\program files, instead it is installed on a separate drive letter (d:\boinc).

Is running this kind of service without credentials a potential security concern, could there be file access issues, or might there be work unit corruption?

[Dec 27, 2006 3:05:00 PM]

Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline


Re: BOINC installed as a service

There are potential security issues. While all WCG projects are audited and as safe as possible, anyone can set up a BOINC project. In theory, someone could set up a malicious BOINC project, or hack a less secure BOINC project.

Current thinking is to set up a "sandbox" for BOINC. That way, the only application that needs full trust is the BOINC client. The science applications can be severely restricted, and the Manager will run (as always) under the login account.

[Dec 27, 2006 3:44:04 PM]

schepers
Advanced Cruncher
Canada
Joined: Oct 11, 2006
Post Count: 85
Status: Offline
Project Badges:


Re: BOINC installed as a service

So security concerns are the only known issue, not corruption? Interesting because the first machine I tried BOINC on as a "local system" service generated an error on its first work unit so I thought there was some other concerns. My second attempt has been good.

Since I am only connected to the WCG project on BOINC, then in theory I should be OK (minimal risk) to run as a pure system service, yes?

One of the interesting things about the BOINC install is it requires admin rights to install, and defaults to using those admin credentials to run the service. Kind-a defeats the purpose for security, doesn't it?

I would think that UD, running as a service, would suffer the same security issues, except that you can only connect to WCG.

[Dec 27, 2006 5:41:39 PM]

[ ]