> > Excuse my ignorance (I'm new to boinc and by no means a security
> > expert), but why is this any different from the way it works now? You
> > can currently send arbitrary scripts, just not to windows. Do you mind
> > explaining?
>
> Python however is an interpreter and can do almost anything that a native
> application can do. If you can instruct the Python interpreter to
> execute a script that is not part of the registered application but
> instead comes as a WU input file, then code_signing_key is circumvented,
> and an intruder who gains control of your server now can send out
> malicious work units turning your clients into spam bots.
OK, I completely misunderstood you. I thought you were saying that the BATCH file was a security vulnerability, despite the fact that it could be signed and never changes.

Yes, shipping unsigned, arbitrary bits of Python code is going to be unsafe; however, this is a gateway drug. It is designed for simplicity: it allows users to get up and running quickly with BOINC and Python. If a project grew to include thousands of users, more security measures would need to be taken. Also, once a large project is up and running, the script isn't going to be changing on a per-workunit basis, so there's no reason it couldn't be signed and distributed like any other application.

But I suppose having the *ability* to send unsigned scripts is always a potential security hole...

Thanks for the clarification.

-- Jeremy

_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
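The exchange above boils down to one design rule: a wrapper that executes whatever script arrives as a work-unit input file has moved the trust boundary from the signed application to the project server. The following is an added illustration, not code from BOINC or from either poster, of the difference between the two wrapper behaviours discussed. It assumes a hypothetical manifest of approved script hashes that ships inside the signed application bundle (so it is covered by code_signing_key the same way the application binary is), and it uses hash pinning from the standard library in place of a real asymmetric signature check; the script contents and names are constructed for the example.

```python
import hashlib
import hmac  # for a constant-time comparison of the two digests

# Constructed sample inputs standing in for work-unit input files.
# APPROVED_SCRIPT is what the project actually distributed; TAMPERED_SCRIPT
# is what a client would receive if the server-side content were replaced.
APPROVED_SCRIPT = b"result = sum(range(10))\n"
TAMPERED_SCRIPT = b"result = 'tampered'\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a script's raw bytes."""
    return hashlib.sha256(data).hexdigest()


# Assumption: this manifest is part of the signed application bundle, so it
# can only change when the project re-signs and re-releases the application.
# The server cannot alter it by sending a new work unit.
APPROVED_HASHES = {
    "analyze.py": sha256_hex(APPROVED_SCRIPT),
}


def run_unverified(script_bytes: bytes):
    """The behaviour the thread warns about: execute any script that arrives
    as a WU input file. Whoever controls the server controls the client."""
    namespace = {}
    exec(compile(script_bytes, "<wu-input>", "exec"), namespace)
    return namespace.get("result")


def is_approved(script_name: str, script_bytes: bytes) -> bool:
    """True only if the script is listed in the manifest and its bytes match."""
    expected = APPROVED_HASHES.get(script_name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, sha256_hex(script_bytes))


def run_verified(script_name: str, script_bytes: bytes):
    """Hardened wrapper: refuse to execute anything the signed manifest does
    not vouch for, so a compromised server cannot push new code to clients."""
    if not is_approved(script_name, script_bytes):
        raise PermissionError(
            f"{script_name}: not in the signed manifest or contents modified"
        )
    namespace = {}
    exec(compile(script_bytes, "<wu-input>", "exec"), namespace)
    return namespace["result"]


if __name__ == "__main__":
    print("approved script result:", run_verified("analyze.py", APPROVED_SCRIPT))
    for name, body in (("analyze.py", TAMPERED_SCRIPT), ("new.py", APPROVED_SCRIPT)):
        try:
            run_verified(name, body)
        except PermissionError as err:
            print("rejected:", err)
```

The point of keeping the manifest inside the signed bundle is the one Jeremy arrives at: once the script stops changing per work unit, it can be pinned (or signed) and distributed like any other part of the application, and the input file then carries only data. A manifest that the server could update per work unit would give no protection at all.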
