I've found another issue with Mac OS 10.6 Snow leopard that has necessitated additional changes in BOINC. I would appreciate feedback if anyone sees these changes as a problem.
Previously, Mac users without administrative privileges could run a limited version of the BOINC Manager. For example, attach, detach and reset projects were not permitted). They also could not directly access the contents of the BOINC Data directory with tools such as text editors, because of the sandbox security scheme described in <http://boinc.berkeley.edu/sandbox.php>. Due to new restrictions in OS 10.6, I have made the following changes: * If a non-admin user tries to run the Manager, they see an alert saying: "You currently are not authorized to manage the client. Please contact your administrator to add you to the 'boinc_master' user group." BOINC then exits when they acknowledge the alert. * Previously the installer added a login item for all users, so that the Manager would be started automatically when each user logged in. This is no longer done for non-admin users unless that user is a member of group boinc_master. If such a user has a login item from a previous install, it is removed. * The installer asks if the BOINC screensaver should be selected for each user. If the answer is yes, then this is now done only for those users who can run the Manager. Note that it is still possible to set up BOINC to run the Client as a daemon / service at all times, whether any user or no user is logged in. This is described at <http://boinc.berkeley.edu/wiki/Tools_for_Mac_OS_X>. The disadvantages of these changes include: * BOINC will no longer run if a non-admin user is logged in, unless the Client has been set up to run as a daemon / service. * If the Client is running as a daemon / service, a non-admin user cannot suspend or snooze BOINC if it is interfering with his work. I suspect that relatively few Macs are set up with any non-admin users. For those interested in the gory technical details, read on: The OS 10.6 Developer Release Notes at <http://developer.apple.com/mac/library/releasenotes/Cocoa/AppKit.html> say: >As a security measure, SnowLeopard takes steps to prevent >applications that use AppKit from running setuid or setgid. The sandbox security scheme for BOINC on the Mac had the BOINC Manager running setgid boinc_master. This allowed the Manager to access the files it needs in the BOINC Data folder, such as the gui_rpc_auth.cfg file containing the password for communicating with the Client, even when run by a user who is not a member of group boinc_master.. Apparently there is no restriction as long as the logged-in user is also a member of group boinc_master. The Mac BOINC installer adds all users who have administrative privileges (i.e., who are members of group admin) to group boinc_master, so there is no problem with them running BOINC Manager under OS 10.6. Of course, if the user running the Manager is a member of group boinc_master, then the setgid is not needed because the Manager would have permission to access the files anyway. The purpose of using setgid was to allow non-admin users to run the Manager (though there is code in the Manager to limit the things they can do; for example, attach, detach and reset projects was not permitted.) However, when a non-admin user ran BOINC Manager under Mac OS 10.6, the system displayed an authorization dialog requiring an admin user name and password. Othwewise it wouldn't run the Manager, due to the new restrictions on setgid applications. Since the installer used to add a login item to start the Manager whenever these users logged in, this authorization dialog would appear every time they logged in under OS 10.6. The AppKit framework implements the Cocoa APIs. The Manager uses AppKit for certain functions, and wxWidgets also requires it. The Client does not use AppKit, so the new restrictions on setuid aand setgid do not apply to the Client. The screensaver coordinator and default screensaver (boincscr) also use AppKit, but they do not run setuid or setgid, so the new restrictions do not apply to them either. No other component of BOINC uses the AppKit framework. -- Charlie Fenton [email protected] BOINC / s...@home Macintosh & Windows Programmer Space Sciences Laboratory UC Berkeley _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
