On Thursday 27 Jul 2017 11:02:45 Gregory Woodbury wrote: > Depending on which BOINC projects you choose to run, BOINC may or may > not need continual access to the Internet. > Most of the projects I run only need intermittent access to upload and > receive new workunits, but CERN projects need > continuous access while running.
It's only the incoming access from the Big Bad World that would be shut most of the time, only opened for particular purposes. > Also, BOINC will run if the certificates are not owned by BOINC, but > will complain in the logs when they are updated, and then > you could update them by hand. I haven't experienced that so far. But I get lots of "gr-sec: denied following symlink /home/prh/boinc/ca- bundle.crt since owner 1000 does not match target owner 0" errors. Also, today I see "denied untrusted exec (due to being in untrusted group and file in non-root-owned directory)" errors as well. (I hope I've transcribed those right.) It looks as though it has to run as root, which doesn't bode well. I'll experiment with running BOINC with the default ownerships, though. > So far as I know, there have not been any vectors propagated via BOINC. That's good - thanks. -- Regards Peter
