BOINC & Security

trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 247124 - Posted: 13 Feb 2006, 0:15:35 UTC
Last modified: 13 Feb 2006, 0:16:39 UTC

After the later incidents, I feel security needs to be more promoted among BOINC users. I often see people being far too carefree with the installation, project selection, 3rd party tools, and other related issues. I believe some security tips should be shown during the installation or be posted in some privileged place on the project websites. Or maybe, at least they could be pinned up here at the top of the forum.

I attempted to put together an article discussing some of the security issues related to BOINC and posted it on my website:

http://boinc.truxoft.com/security.htm

For experts, it may be of little interest, but I hope that for some users it is informative enough. Though - I know that even experienced users often forget to protect themselves properly, or are too lazy to do it - so for example the proper installation of BOINC under an unprivileged user id with restriction to the rest of the system, as described in the first part of the article, is rare to see.

If you see any mistakes, or have constructive comments, please feel free to post them here. Please avoid starting flame wars about security of Windows or other operating systems - such comments here are futile and do not help anyone.

trux
BOINC software
Freediving Team
Czech Republic
ID: 247124 · Report as offensive
Miras
Volunteer tester
Joined: 19 Aug 04
Posts: 12
Credit: 2,205,948
RAC: 0
Czech Republic
Message 247480 - Posted: 13 Feb 2006, 16:14:45 UTC - in response to Message 247124.  

I checked how it is with WinXP Home systems. In WinXP Pro, if you want to have full control over the user rights, you have to turn off the "feature" called "Simple file sharing". Well, when you have this turned on, the possibilities to set users rights are exactly the same as in XP Home - miserable. In XP Home, you don't have a chance to turn on the "classic file sharing interface", so you can't forbid a user from accessing some folders. Maybe some 3rd party sw, or some kind of tweak can do this, but normally the 1st part of your guide is unusable

About the guide: It's always good to know the risks. So thanks for this. But as you mentioned, users are too lazy and comfortable to do any of the precautions that you advise. Maybe when there will be a real danger, not just possibilities?
ID: 247480 · Report as offensive
trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 247486 - Posted: 13 Feb 2006, 16:29:49 UTC - in response to Message 247480.  
Last modified: 13 Feb 2006, 16:30:48 UTC

...but normally the 1st part of your guide is unusable
Well, on Home systems, or with PRO not being a domain member or not having the "simple file sharing" disabled, you can use the installation hints to some extent anyway: although it is dangerous and not recommended, most people on such systems work logged into an account with full administrator privileges, not into a plain user account, because in this way they can more easily manage the system and install programs. Users are either unaware of the risks of working in the admin account, or too lazy to switch among the accounts. Only few people are aware of the possibility to launch applications under another user ID (right-click + "Launch as") that facilitates the installation and maintenance even if you are logged in as a plain user.

So even if you run an XP Home system, you can create a separate plain-user account specifically for BOINC, and install it as a service running under this user id. Fine-tuning the permissions may not be as much possible as on XP Pro systems, but already assuring that BOINC does not run under administrator user id (or as "local system") is extremely important.

trux
BOINC software
Freediving Team
Czech Republic
ID: 247486 · Report as offensive
Miras
Volunteer tester
Joined: 19 Aug 04
Posts: 12
Credit: 2,205,948
RAC: 0
Czech Republic
Message 247496 - Posted: 13 Feb 2006, 16:55:18 UTC - in response to Message 247486.  
Last modified: 13 Feb 2006, 16:55:54 UTC

Yes, I expressed myself inaccurately. It is possible to follow the steps described in paragraph "Installation", except points 3) and 4).
And I forgot one note anyway. Even in systems you have listed on your page, it's file system dependent. It's quite hard to set users rights with FAT32 :). Unfortunately, many of the big computer manufacturers do supply NTFS compatible systems on FAT32 formatted disks. You can convert FAT32 into NTFS without data loss, but there are some restrictions concerning also NTFS rights.
ID: 247496 · Report as offensive
trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 247499 - Posted: 13 Feb 2006, 16:59:18 UTC

Yes, thanks, Miras, for the comments. I'll add them to the page too.
trux
BOINC software
Freediving Team
Czech Republic
ID: 247499 · Report as offensive
Tigher
Volunteer tester
Joined: 18 Mar 04
Posts: 1547
Credit: 760,577
RAC: 0
United Kingdom
Message 247517 - Posted: 13 Feb 2006, 18:41:35 UTC

Trux
Nice paper there to help with security. Have you thought about giving it to Paul Buck for the Wiki? Would be good to have it there too I think. Good work though!

ID: 247517 · Report as offensive
trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 247525 - Posted: 13 Feb 2006, 22:16:48 UTC - in response to Message 247517.  

Nice paper there to help with security. Have you thought about giving it to Paul Buck for the Wiki? Would be good to have it there too I think. Good work though!
Sure, if Paul is interested in posting it on Wiki, I'd be happy to help. I suppose he will see the thread and post here if he thinks it is worth putting there. I do not propose it myself, because I am aware my English is far from perfect, and although it is not a problem on my own website, I am not sure if it would be acceptable elsewhere.

trux
BOINC software
Freediving Team
Czech Republic
ID: 247525 · Report as offensive
Sir Ulli
Volunteer tester
Joined: 21 Oct 99
Posts: 2246
Credit: 6,136,250
RAC: 0
Germany
Message 247531 - Posted: 13 Feb 2006, 22:47:42 UTC

thanks for the Info trux

very interesting read

Greetings from Germany NRW
Ulli

ID: 247531 · Report as offensive
Lee Carre
Volunteer tester
Joined: 21 Apr 00
Posts: 1459
Credit: 58,485
RAC: 0
Channel Islands
Message 249519 - Posted: 17 Feb 2006, 22:46:02 UTC - in response to Message 247480.  

In XP Home, you don't have a chance to turn on the "classic file sharing interface", so you can't forbid a user from accessing some folders. Maybe some 3rd party sw, or some kind of tweak can do this, but normally the 1st part of your guide is unusable

it is possible to get the security tab with XP home, it's just hidden
see this guide about enabling it for xp home
ID: 249519 · Report as offensive
AlecStaar
Joined: 16 Dec 05
Posts: 260
Credit: 44,472
RAC: 0
United States
Message 249843 - Posted: 18 Feb 2006, 15:09:00 UTC
Last modified: 18 Feb 2006, 15:54:00 UTC

I wouldn't recommend running SETI@Home #2/BOINC suite as a service, personally, because of the article written about it by Trux (nice read man by the way)...

On services, per his directions in his article URL below, you can 'harden' it though if you choose to run this program suite as a service.

On the converse:

I would recommend using NTFS filesystems because the security tab settings ONLY take effect IF you use NTFS for your filesystem format type for diskbound security - keep that in mind guys!

See, I am not 110% certain if Trux mentions this in his article or not, because I seem to recall that being a point that was omitted or rather, just simply overlooked!

(I can see that, using NTFS should be common-sense really imo @ least, vs. Fat16/32 for MOST things & especially regarding security)...

(E.G.-> There was no specific mention of using NTFS that I can recall in its content... @ least not in its original version prior to revisions, because I read it a few days ago when it was first posted here).

* Overall though, I found the advice on the use of "Local Service" very enlightening in it though in Trux's article... on that note, it was VERY informative.

APK

P.S.=> This URL, if you're interested, is all about security "hardening" a Windows NT-based 32-bit OS (newer ones like 2000/XP/Server 2003) for better security AND speed:

http://www.avatar.demon.nl/APK.html

That article & set of registry hacks (as well as other tricks) can show you a great deal about tuning your OS for BOTH security, and speed...

You guys may wish to refer to it &/or use its prebuilt .reg files for those purposes. The prebuilt .reg files there are fully documented internally as well for your reference/use as well!

That's so you know what it is that you are tuning & what is being affected & how via the tuning they provide for security AND speed.

The references, more often than not, come from Microsoft (regarding BOTH IP settings and local system hacks for better security + speed). Straight from the horse's mouth.

(The .reg files had the ref. URL's for description of each setting tuned when I uploaded them & the last time I looked @ them, right in the .reg files themselves when I built them - the copies I have here are that way for certain, & took me MANY hours to edit for that purpose (and, I believe I uploaded the fully internally documented ones to that website above, & if not, I just resent them to the webmaster there for the purpose of replacing the ones there with the fully internally documented models that explain each setting, how it works, what tunings are possible + ranges & data types to use, etc.))

That is so I had reference & FULL technical documentation of it myself now as well as others also, & in the future (using Win32 based OS built off of the Windows 2000/XP/Server 2003 architectures).

They show you exactly where & what is affected, per the documentation @ Microsoft regarding securing your system IP-wise & also for local system security as well (it even complements the SCW (Security Configuration Wizards) in Windows Server 2003 SP #1 even)... apk
http://torry.net/authorsmore.php?id=1781

"The object's hull is made of SOLID neutronium: A single StarShip cannot combat it!" quote Mr. Spock, Star Trek original series, episode title: "The Doomsday Machine"
ID: 249843 · Report as offensive
trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 249982 - Posted: 18 Feb 2006, 21:29:51 UTC - in response to Message 249843.  

I wouldn't recommend running SETI@Home #2/BOINC suite as a service, personally, because of the article written about it by Trux (nice read man by the way)...
???? Quite the contrary, it is much safer running it as a service under an unprivileged and isolated user, than directly under your own user account! And, of course, as already written, you need to use a file system allowing detailed file and dir permissions. NTFS is today probably on most XP machines by default (or they can be converted to), so it should not be any big issue.

trux
BOINC software
Freediving Team
Czech Republic
ID: 249982 · Report as offensive
Bilbo
Joined: 20 Sep 99
Posts: 1
Credit: 1,743,726
RAC: 0
Norway
Message 278991 - Posted: 10 Apr 2006, 12:52:01 UTC

Well, it would have been nice if it had worked, but the service refuses to start as user boinc.

Must be some missing parts here. Installer doesn't find SID for boinc if I try to install it directly for account boinc. If I change the account in the service logon it won't start.

---
anonymous covard
ID: 278991 · Report as offensive
parknook
Joined: 27 Mar 01
Posts: 2
Credit: 1,277,417
RAC: 0
United Kingdom
Message 315638 - Posted: 24 May 2006, 21:34:10 UTC - in response to Message 249982.  


http://www.avatar.demon.nl/APK.html doesn't work :-(
ID: 315638 · Report as offensive
dasy2k1
Volunteer tester
Joined: 9 Jul 05
Posts: 65
Credit: 118,948
RAC: 0
United Kingdom
Message 319628 - Posted: 28 May 2006, 23:44:05 UTC

I use linux for my main PC and I currently run seti on my normal unprivileged user account,
I cannot see how it would be any safer running it in a separate account than in this one as I have the lowest privileges available (as all linux systems default to). I would never run it as root (administrator in windows speak)
but then again I would never log on fully as root in normal circumstances, I would just use SU
ID: 319628 · Report as offensive
Tetsuji Maverick Rai
Volunteer tester
Joined: 25 Apr 99
Posts: 518
Credit: 90,863
RAC: 0
Japan
Message 319645 - Posted: 29 May 2006, 0:44:25 UTC - in response to Message 319628.  
Last modified: 29 May 2006, 1:20:54 UTC

I use linux for my main PC and I currently run seti on my normal unprivileged user account,
I cannot see how it would be any safer running it in a separate account than in this one as I have the lowest privileges available (as all linux systems default to). I would never run it as root (administrator in windows speak)
but then again I would never log on fully as root in normal circumstances, I would just use SU


On Linux and other unix like OS'es, the most important things are:

  • Don't let people modify any files.
  • Don't show account_xxxxxx.xml file(s), which contains your account key.



So I make an account only for boinc called "boinc" with group "boinc". and remove all permissions for other users in the boinc home directory by "chmod -R o-rx .". And put "umask 027" in .bashrc or any other shell script which prohibits any flags for others from being set (this is very important, because boinc uses these flags for account_xxxx.xml, workunits and applications downloaded). And run boinc in the initial script as boinc like "su boinc -c "./boinc >& /dev/null"" or something (depends on the syntax of su).

Then, if others can know the name of files (usually even this is impossible if you use a randomly named subdirectory), he/she cannot read or rewrite them, because others' permission flags for all files in boinc directory are reset. Only boinc and root can read, write and execute them. Other users cannot read/write the newly produced files in boinc's home directory. But the users of the boinc group can read files...you can specify those members.

You don't have to worry about buffer overflow or any other program flaws because there's nothing that other users can give to boinc applications.

I'm a sort of security maniac also :D


Luckiest in the world. WMD = Weapon of Mass Distraction.
ID: 319645 · Report as offensive
Tetsuji Maverick Rai
Volunteer tester
Joined: 25 Apr 99
Posts: 518
Credit: 90,863
RAC: 0
Japan
Message 319774 - Posted: 29 May 2006, 4:34:04 UTC
Last modified: 29 May 2006, 4:45:17 UTC

I forgot to write "invoke 'umask 027' just before launching boinc". For example, my script is:

cd /home/boinc/run
rm -f lockfile blc*
umask 027
su boinc -c "./boinc -allow_remote_gui_rpc -return_results_immediately -redirectio"&


This 'umask 027' makes account_xxx.xml and other files unreadable (and unmodifiable) to other users. And my boinc directory looks like:
total 4688
-rw-r----- 1 boinc boinc     705 May 29 10:07 account_setiweb.ssl.berkeley.edu_beta.xml
-rwxr-x--- 1 boinc boinc  448772 May 24 01:48 boinc
-rw-r----- 1 boinc boinc  181325 May 29 13:43 client_state.xml
....

so this account_setiweb.xxxxx.xml isn't readable to other users.

Luckiest in the world. WMD = Weapon of Mass Distraction.
ID: 319774 · Report as offensive
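
The umask and chmod setup described in the two posts above can be verified with a short audit script. This is an added example, not part of the original thread or of BOINC; the function names and the sample directory it builds are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a BOINC directory for the two
# risks named in the posts: entries other users can touch, and readable
# account_*.xml files, which contain the account key.

# List entries under $1 granting any permission to "other"; status 1 if any.
audit_boinc_dir() {
    exposed=$(find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Count account_*.xml files under $1 that are world-readable.
count_exposed_keys() {
    find "$1" -type f -name 'account_*.xml' -perm -004 -print | wc -l | tr -d ' '
}

# Fix an existing tree. The post uses "chmod -R o-rx ."; o-rwx also clears
# a stray world-write bit.
harden_boinc_dir() {
    chmod -R o-rwx "$1"
}

# Constructed sample data: create a directory and files under umask $2,
# the way a client started with that umask would.
make_sample() {
    ( umask "$2"
      mkdir -p "$1"
      echo '<account><authenticator>CONSTRUCTED</authenticator></account>' \
          > "$1/account_example.invalid.xml"
      echo '<client_state/>' > "$1/client_state.xml" )
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/loose" 022   # common default umask
    make_sample "$tmp/tight" 027   # umask recommended in the posts
    echo "umask 022: $(count_exposed_keys "$tmp/loose") world-readable key file(s)"
    echo "umask 027: $(count_exposed_keys "$tmp/tight") world-readable key file(s)"
    harden_boinc_dir "$tmp/loose"
    audit_boinc_dir "$tmp/loose" && echo "after chmod -R o-rwx: clean"
    rm -rf "$tmp"
}
demo
```

Run `audit_boinc_dir` against the real BOINC directory as the account that owns it; any path it prints is visible to other local users, and members of the boinc group can still read the files, as the post notes.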



 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.