Howdy, So far as I know, the systemd init system uses the .service file, which doesn't use the old boinc init script:
/etc/systemd/system/multi-user.target.wants/boinc-client.service The current method for granting access to the Xserver for boinc is to drop a file here: /etc/X11/Xsession.d/36x11-common_xhost-boinc which does follow the recommended xhost command format: ``` BOINC_USER=boinc if type xhost >/dev/null 2>&1; then id -u $BOINC_USER >/dev/null 2>&1 && xhost +SI:localuser:$BOINC_USER || : fi ``` That file is sourced and ran whenever a display manager invokes an Xorg session. On my machine with systemd, this is my xhost output: ``` $ xhost access control enabled, only authorized clients can connect SI:localuser:boinc SI:localuser:preston $ ``` I'm guessing that non-systemd users are probably still using the init script though, so we should still address this in any case. Cheers, Preston Maness On 10/21/2016 03:42 PM, Mike Brennan wrote: > Package: boinc-client > Version: 7.6.33+dfsg-1~bpo8+1 > Severity: grave > Tags: security > Justification: user security hole > > Dear Maintainers, > > boinc-client shell script is used by init/systemd to start the boinc client > daemon (typically running as user=boinc) > > In order for boinc to access GPU hardware - xhost is used to grant access to > boinc. > > At line 109-110 > ------------------------------------------------------------------------------------------- > # grant the boinc client to perform GPU computing > xhost local:boinc || echo -n "xhost error ignored, GPU computing may > not be possible" > -------------------------------------------------------------------------------------------- > > the correct syntax stould be > xhost +si:localuser:boinc > or more correctly for the this script > xhost +si:localuser:$BOINC_USER > > The impact of using this incorrect syntax - is not to error, but grant ALL > local users access. > (This could be a very old or different maybe BSD syntax) > > The intention of the script to grant ONLY user=boinc access, instead all > local users have access. > > For example a little test. > > agentb@dejon:/etc/init.d$ xhost > access control enabled, only authorized clients can connect > SI:localuser:agentb > > agentb@dejon:/etc/init.d$ xhost local:random-string > non-network local connections being added to access control list > > agentb@dejon:/etc/init.d$ xhost > access control enabled, only authorized clients can connect > LOCAL: > SI:localuser:boinc > SI:localuser:agentb > > Hope this is clear, and thank you for maintaining boinc! > > Cheers > Mike > > > -- Package-specific info: > -- Contents of /etc/default/boinc-client: > # This file is /etc/default/boinc-client, it is a configuration file for the > # /etc/init.d/boinc-client init script. > > # Set this to 1 to enable and to 0 to disable the init script. > ENABLED="1" > > # Set this to 1 to enable advanced scheduling of the BOINC core client and > # all its sub-processes (reduces the impact of BOINC on the system's > # performance). > SCHEDULE="1" > > # The BOINC core client will be started with the permissions of this user. > BOINC_USER="boinc" > > # This is the data directory of the BOINC core client. > BOINC_DIR="/var/lib/boinc-client" > > # This is the location of the BOINC core client, that the init script uses. > # If you do not want to use the client program provided by the boinc-client > # package, you can specify here an alternative client program. > #BOINC_CLIENT="/usr/local/bin/boinc" > BOINC_CLIENT="/usr/bin/boinc" > > # Here you can specify additional options to pass to the BOINC core client. > # Type 'boinc --help' or 'man boinc' for a full summary of allowed options. > #BOINC_OPTS="--allow_remote_gui_rpc" > BOINC_OPTS="" > > # Scheduling options > > # Set SCHEDULE="0" if prefering to run with upstream default priority > # settings. > > # Nice levels. When systems are truly busy, e.g. because of too many active > # scientific applications started by the boinc client, there is a chance for > # the boinc client not to be granted sufficient opportunity to check for > # scientific applications to be alive and make the (wrong) decision to > # terminate the scientific app. This is particularly an issue with many > # apps started in parallel on modern multi-core systems and extra overheads > # for the download and uploads of files with the project servers. Another > # concern is the latency for scientific applications to communicate with the > # graphics card, which should be low. All such values should be set and > # controled from within the BOINC client. The Debian init script also sets > # extra constrains via chrt on real time performance and via ionice on > # I/O performance, which is beyond the regular BOINC client. It then was > # too easy to use that code to also constrain minimal nice levels. We still > # think about how to best distinguish GPU applications from regular apps. > BOINC_NICE_CLIENT=10 > BOINC_NICE_APP_DEFAULT=19 > #BOINC_NICE_APP_GPU=5 # not yet used > > # ionice classes. See manpage of ionice (1) in the util-linux package. > BOINC_IONICE_CLIENT=3 # idle > #BOINC_IONICE_APP_DEFAULT=3 # idle, not yet used > #BOINC_IONICE_APP_GPU=2 # best effort, not yet used > > > -- System Information: > Debian Release: 8.6 > APT prefers stable > APT policy: (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages boinc-client depends on: > ii adduser 3.113+nmu3 > ii ca-certificates 20141019+deb8u1 > ii debconf [debconf-2.0] 1.5.56 > ii init-system-helpers 1.22 > ii libboinc7 7.6.33+dfsg-1~bpo8+1 > ii libc6 2.19-18+deb8u6 > ii libcurl3 7.38.0-4+deb8u4 > ii libgcc1 1:4.9.2-10 > ii libstdc++6 4.9.2-10 > ii libx11-6 2:1.6.2-3 > ii libxss1 1:1.2.2-1 > ii python 2.7.9-1 > ii zlib1g 1:1.2.8.dfsg-2+b1 > > boinc-client recommends no packages. > > Versions of packages boinc-client suggests: > pn boinc-client-fglrx <none> > pn boinc-client-nvidia-cuda <none> > pn boinc-client-opencl <none> > ii boinc-manager 7.6.33+dfsg-1~bpo8+1 > ii x11-xserver-utils 7.7+3+b1 > > -- Configuration Files: > /etc/boinc-client/cc_config.xml changed [not included] > /etc/boinc-client/global_prefs_override.xml changed [not included] > > -- debconf information excluded >
signature.asc
Description: OpenPGP digital signature