On Wed, Jun 10, 2009 at 05:13:51AM -0700, Mark Pottorff wrote:
> I have not looked at the BOINC code, but it would seem that the signatures
> should assure all of the following:
>
> 1) That no files have been inserted into the task
> 2) That no files have been removed from the task
> 3) That the command line is as issued by the project
> 4) That the files received are all consistent with the project

If the application is written properly then none of this matters; the
current code_signing_key mechanism provides adequate protection. The
problem starts when people want to run applications that were not
designed with security in mind. You have to realize that applications
that run under BOINC are going to operate in a hostile environment, and
they must protect both themselves from the environment, and the
environment from themselves.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------