Excuse my ignorance (I'm new to boinc and by no means a security expert), but why is this any different from the way it works now? You can currently send arbitrary scripts, just not to windows. Do you mind explaining?
The scripts PyMW uses now are trivial, no doubt. So I'm not saying that it would be hard to change them, I am just curious why batch files are excluded. -- Jeremy On 6/9/09, Gabor Gombas <[email protected]> wrote: > On Mon, Jun 08, 2009 at 05:48:43PM -0700, Jeremy Cowles wrote: > >> Actually, a batch is the main_application for PyMW currently. Because the >> true application changes from run to run, it gets passed as an argument to >> a >> batch file which hands it off to Python. So the command looks something >> like: >> >> pymw_1.00_windows_intelx86.bat <main_app_script> <input_file> >> <output_file> > > Have you considered the security implications? Running the application > this way means that the code_signing_key can be easily circumvented. If > someone breaks into your server, they can inject a malicious script into > a work unit as an extra input file (and therefore not subject to > code_signing_key checking) and modify the command line to call the malicious > script instead of the main application. That script then can then deploy > rootkits, viruses, trojans, SPAM bots etc. > > We also have applications that use an interpreter (a modified busybox in > our case), but we have the scrit's name hard-coded in the main > executable and therefore you cannot override it so easily. > > Actually, you do not need to override the command line. Just inject an > extra input file called "python.exe" using <copy_file/>, and Windows > will happily execute it before looking at %PATH%. So you not only > need to hard-code the name of the main script, but you also have to > hard-code the path to the Python interpreter on Windows. > > So I think the lack of .bat handling is in fact an useful feature > because it makes you think twice. > > Gabor > > -- > --------------------------------------------------------- > MTA SZTAKI Computer and Automation Research Institute > Hungarian Academy of Sciences > --------------------------------------------------------- > _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
