On Tue, Jun 09, 2009 at 09:42:54AM -0700, Jeremy Cowles wrote:

> Excuse my ignorance (I'm new to boinc and by no means a security
> expert), but why is this any different from the way it works now? You
> can currently send arbitrary scripts, just not to windows. Do you mind
> explaining?

"Traditional" BOINC applications perform just one task, so unless there
is some serious programming error, they will never try to format your
disk or send spam if you give them bad input. If someone wants to turn
your clients into a nice botnet, they have to modify the application.
But the application is signed with code_signing_key which is normally
not kept on the server, so breaking into your server is not enough to
attack your clients.

Python however is an interpreter and can do almost anything that a native
application can do. If you can instruct the Python interpreter to
execute a script that is not part of the registered application but
instead comes as a WU input file, then code_signing_key is circumvented,
and an intruder who gains control of your server now can send out
malicious work units turning your clients into spam bots.

If you want to use a generic interpreter like the shell, Python or perl
as a BOINC application, then you have to be very careful and ensure that
any script the interpreter may ever read is part of the (signed)
application and cannot come as a WU input file.

Of course if you only want to use such an interpreter on small, internal
projects, then it does not really matter.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
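
Added example, not part of the original message or of BOINC's own code: a sketch of a launcher that only lets the interpreter execute scripts shipped with the signed application and treats work unit input strictly as data. The names `APP_FILES`, `MANIFEST`, `load_pinned_script` and `run_work_unit` are hypothetical, and pinning SHA-256 digests inside the signed launcher is an assumption of this sketch.

```python
import hashlib
import json

class UnsignedScriptError(Exception):
    """Raised when the interpreter is asked to run code outside the signed app."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: files shipped inside the signed application bundle.
APP_FILES = {"sum.py": b"result = sum(params['values'])\n"}
# Assumption: digests are pinned at build time and ship inside the signed launcher.
MANIFEST = {name: sha256_hex(src) for name, src in APP_FILES.items()}

def load_pinned_script(name, app_files, manifest):
    """Return script source only if it is a pinned part of the signed application."""
    if name not in manifest:
        raise UnsignedScriptError(f"{name!r} is not part of the signed application")
    source = app_files.get(name)
    if source is None or sha256_hex(source) != manifest[name]:
        raise UnsignedScriptError(f"{name!r} does not match its pinned digest")
    return source

def run_work_unit(script_name, app_files, manifest, wu_input: bytes):
    """Run a pinned script; the work unit input is parsed as data, never executed."""
    source = load_pinned_script(script_name, app_files, manifest)
    params = json.loads(wu_input)  # JSON can carry values, not code
    scope = {"params": params}
    exec(compile(source, script_name, "exec"), scope)
    return scope.get("result")

if __name__ == "__main__":
    print(run_work_unit("sum.py", APP_FILES, MANIFEST, b'{"values": [1, 2, 3]}'))
    try:
        # Constructed case: a script arrives as a WU input file from the server.
        wu_files = {**APP_FILES, "evil.py": b"result = 'spam'"}
        run_work_unit("evil.py", wu_files, MANIFEST, b"{}")
    except UnsignedScriptError as err:
        print("rejected:", err)
```
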