| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: Permissions of temporary files |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 13
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I'm running WCG under the command-line version of BOINC 5.10.45 on a Mac. I also run a daily security script that, among other things, checks for world-writable files, which I definitely don't want. Every day I find such files in the slots directories with names such as boinc_faah_4 and boinc_RICE_10. These files all seem to be created by the WCG application, never by any of the other BOINC applications that I run.
Is there any way to prevent these files from being created with insecure permissions? I've tried setting a umask, but it's ignored. This seems to be a bug in recent versions of WCG, because I don't recall seeing these files when I first started running it about a year ago. Thanks. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hello yainItdec5,
Thanks for spotting this. I will point it out to the staff. Lawrence |
||
|
|
armstrdj
Former World Community Grid Tech Joined: Oct 21, 2004 Post Count: 695 Status: Offline Project Badges: 
|
These files are created by the BOINC API to support graphics for each application. They will only show up on projects that are using the newer BOINC graphics model. We are currently updating all of our existing applications to use this model, and all new applications starting with RICE will be released with this model.
Thanks, armstrdj |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Does that mean the bug isn't going to be fixed?
|
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
Hi,
----------------------------------------Cannot judge what your concerns exactly are, but here a page that explains the "sandboxing" as implemented under BOINC and MacIntosh specifically. NRW(RICE), and DDDT & FAAH I think too, have been readied for BOINC 6, their version numbers starting with 6 are signifying this. Don't know how it will show when BOINC 6 is actually rolled out. Client security and sandboxing http://boinc.berkeley.edu/wiki/Client_security_and_sandboxing It might be a question needing Q&A at the Berkeley developers forum to assess the effect. http://boinc.berkeley.edu/dev/index.php Sorry, it's weekend, so any programmers or tech reply will be Monday earliest.
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
Jord
Advanced Cruncher Joined: Dec 30, 2005 Post Count: 148 Status: Offline Project Badges: 
|
I wonder if it matters much as the slots directory will be emptied out as soon as the task has been crunched, uploaded & reported. Everything in there will be deleted, while if a new task starts it may even take the same slot, its files overwriting any position on the disk that the old one held.
----------------------------------------(Meaning you can't use something like Undelete to undelete old files) But I'll ask the Mac developer of BOINC to look at this thread.
Tears in my eyes
How they fall like rain to the floor |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Cannot judge what your concerns exactly are, but here a page that explains the "sandboxing" as implemented under BOINC and MacIntosh specifically. My concern isn't related to sandboxing. WCG is unnecessarily creating world-writable files in world-readable directories. Any process can modify those files. That's a violation of the UNIX security model. Maybe the bug has no practical consequences in itself, though it certainly could, but if it's not taken seriously by the developers, that raises questions about whether I want this application running under remote control on my system, using my network connection and storage space, and doing who knows what. Here's a specific example of why the files are dangerous. Suppose a user unwittingly installs a trojan controlled by some botnet. To avoid detection, the trojan caches data in the WCG temporary files, overwriting whatever is in them. There's no easy way to trace that data back to the user or process that created it. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
As Sekerob, Ageless and armstrdj said, this is a BOINC problem. We aren't minimising the problem at all, just explaining where the problem needs fixing.
However, this isn't a bug. It's a weakness, not a specific vulnerability. Hopefully it will be corrected soon - Jord has already reported it. |
||
|
|
Jord
Advanced Cruncher Joined: Dec 30, 2005 Post Count: 148 Status: Offline Project Badges:
|
And I have gotten a reply from the developer in question. He told me that WCG had brought it to his attention as well, they've discussed the possible problems concerned.
----------------------------------------The actual security risk is negligible. About the worst mischief that a troublemaker could do would be to suspend running applications, and he would need to be logged in to the computer running BOINC. However it is recognized that it is a nuisance for people running this security script, so they've added it to their list of things to change in the future. It won't be added to the upcoming BOINC 6.2.x release though, but in a later version.
Tears in my eyes
How they fall like rain to the floor |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Thanks.
|
||
|
|
|