BOINC & Security
Author | Message |
---|---|
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
After the later incidents, I feel security needs to be more promoted among BOINC users. I often see people being far too carefree with the installation, project selection, 3rd party tools, and other related issues. I believe some security tips should be shown during the installation or be posted in some privileged place on the project websites. Or maybe, at least they could be pinned up here at the top of the forum. I attempted to put together an article discussing some of the security issues related to BOINC and posted it on my website: http://boinc.truxoft.com/security.htm For experts, it may be of little interest, but I hope that for some users it is informative enough. Though - I know that even experienced users often forget to protect themselves properly, or are too lazy to do it - so for example the proper installation of BOINC under an unprivileged user id with restriction to the rest of the system, as described in the first part of the article, is rare to see. If you see any mistakes, or have constructive comments, please feel free to post them here. Please avoid starting flame wars about security of Windows or other operating systems - such comments here are futile and do not help anyone. trux BOINC software Freediving Team Czech Republic |
Miras Send message Joined: 19 Aug 04 Posts: 12 Credit: 2,205,948 RAC: 0 |
I checked how it is with WinXP Home systems. In WinXP Pro, if you want to have full control over the user rights, you have to turn off the "feature" called "Simple file sharing". Well, when you have this turned on, the possibilities to set users' rights are exactly the same as in XP Home - miserable. In XP Home, you don't have the chance to turn on the "classic file sharing interface", so you can't forbid a user from accessing some folders. Maybe some 3rd party sw, or some kind of tweak can do this, but normally the 1st part of your guide is unusable. About the guide: It's always good to know the risks. So thanks for this. But as you mentioned, users are too lazy and comfortable to do any of the precautions that you advise to do. Maybe when there will be a real danger, not just possibilities? |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
> ...but normally the 1st part of your guide is unusable

Well, on Home systems, or with PRO not being a domain member or not having the "simple file sharing" disabled, you can use the installation hints to some extent anyway: although it is dangerous and not recommended, most people on such systems work logged into an account with full administrator privileges, not into a plain user account, because in this way they can more easily manage the system and install programs. Users are either unaware of the risks of working in the admin account, or too lazy to switch among the accounts. Only few people are aware of the possibility to launch applications under another user ID (right-click + "Launch as") that facilitates the installation and maintenance even if you are logged in as a plain user. So even if you run an XP Home system, you can create a separate plain-user account specifically for BOINC, and install it as a service running under this user id. Fine-tuning the permissions may not be as much possible as on XP Pro systems, but already assuring that BOINC does not run under an administrator user id (or as "local system") is extremely important. trux BOINC software Freediving Team Czech Republic |
Miras Send message Joined: 19 Aug 04 Posts: 12 Credit: 2,205,948 RAC: 0 |
Yes, I expressed myself inaccurately. It is possible to follow the steps described in paragraph "Installation", except points 3) and 4). And I forgot one note anyway. Even in systems you have listed on your page, it's file system dependent. It's quite hard to set users' rights with FAT32 :). Unfortunately, many of the big computer manufacturers do supply NTFS compatible systems on FAT32 formatted disks. You can convert FAT32 into NTFS without data loss, but there are some restrictions concerning also NTFS rights. |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
Yes, thanks, Miras, for the comments. I'll add them to the page too. trux BOINC software Freediving Team Czech Republic |
Tigher Send message Joined: 18 Mar 04 Posts: 1547 Credit: 760,577 RAC: 0 |
|
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
> Nice paper there to help with security. Have you thought about giving it to Paul Buck for the Wiki? Would be good to have it there too I think. Good work though!

Sure, if Paul is interested in posting it on the Wiki, I'd be happy to help. I suppose he will see the thread and post here if he thinks it is worth putting there. I do not propose it myself, because I am aware my English is far from perfect, and although it is not a problem on my own website, I am not sure if it would be acceptable elsewhere. trux BOINC software Freediving Team Czech Republic |
Sir Ulli Send message Joined: 21 Oct 99 Posts: 2246 Credit: 6,136,250 RAC: 0 |
|
Lee Carre Send message Joined: 21 Apr 00 Posts: 1459 Credit: 58,485 RAC: 0 |
> In XP Home, you don't have chance to turn on "classic file sharing interface", so you can't forbid user from accessing some folders. Maybe some 3rd party sw, or some kind of tweak can do this, but normally the 1st part of your guide is unusable

It is possible to get the security tab with XP Home, it's just hidden; see this guide about enabling it for XP Home |
AlecStaar Send message Joined: 16 Dec 05 Posts: 260 Credit: 44,472 RAC: 0 |
I wouldn't recommend running SETI@Home #2/BOINC suite as a service, personally, because of the article written about it by Trux (nice read man by the way)... On services, per his directions in his article URL below, you can 'harden' it though if you choose to run this program suite as a service. On the converse: I would recommend using NTFS filesystems because the security tab settings ONLY take effect IF you use NTFS for your filesystem format type for diskbound security - keep that in mind guys! See, I am not 110% certain if Trux mentions this in his article or not, because I seem to recall that being a point that was omitted or rather, just simply overlooked! (I can see that, using NTFS should be common-sense really imo @ least, vs. Fat16/32 for MOST things & especially regarding security)... (E.G.-> There was no specific mention of using NTFS that I can recall in its content... @ least not in its original version prior to revisions, because I read it a few days ago when it was first posted here). * Overall though, I found the advice on the use of "Local Service" very enlightening in it though in Trux's article... on that note, it was VERY informative. APK P.S.=> This URL, if you're interested, is all about security "hardening" a Windows NT-based 32-bit OS (newer ones like 2000/XP/Server 2003) for better security AND speed: http://www.avatar.demon.nl/APK.html That article & set of registry hacks (as well as other tricks) can show you a great deal about tuning your OS for BOTH security, and speed... You guys may wish to refer to it &/or use its prebuilt .reg files for those purposes. The prebuilt .reg files there are fully documented internally as well for your reference/use as well! That's so you know what it is that you are tuning & what is being affected & how via the tuning they provide for security AND speed. The references, more often than not, come from Microsoft (regarding BOTH IP settings and local system hacks for better security + speed). 
Straight from the horses' mouth. (The .reg files had the ref. URL's for description of each setting tuned when I uploaded them & the last time I looked @ them, right in the .reg files themselves when I built them - the copies I have here are that way for certain, & took me MANY hours to edit for that purpose (and, I believe I uploaded the fully internally documented ones to that website above, & if not, I just resent them to the webmaster there for the purpose of replacing the ones there with the fully internally documented models that explain each setting, how it works, what tunings are possible + ranges & data types to use, etc.)) That is so I had reference & FULL technical documentation of it myself now as well as others also, & in the future (using Win32 based OS built off of the Windows 2000/XP/Server 2003 architectures). They show you exactly where & what is affected, per the documentation @ Microsoft regarding securing your system IP-wise & also for local system security as well (it even complements the SCW (Security Configuration Wizards) in Windows Server 2003 SP #1 even)... apk http://torry.net/authorsmore.php?id=1781 "The object's hull is made of SOLID neutronium: A single StarShip cannot combat it!" quote Mr. Spock, Star Trek original series, episode title: "The Doomsday Machine" |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
> I wouldn't recommend running SETI@Home #2/BOINC suite as a service, personally, because of the article written about it by Trux (nice read man by the way)...

???? Quite the contrary, it is much safer running it as a service under an unprivileged and isolated user, than directly under your own user account! And, of course, as already written, you need to use a file system allowing detailed file and dir permissions. NTFS is today probably on most XP machines by default (or they can be converted to it), so it should not be any big issue. trux BOINC software Freediving Team Czech Republic |
Bilbo Send message Joined: 20 Sep 99 Posts: 1 Credit: 1,743,726 RAC: 0 |
Well, it would have been nice if it had worked, but the service refuses to start as user boinc. Must be some missing parts here. Installer doesn't find SID for boinc if I try to install it directly for account boinc. If I change the account in the service logon it won't start. --- anonymous coward |
parknook Send message Joined: 27 Mar 01 Posts: 2 Credit: 1,277,417 RAC: 0 |
http://www.avatar.demon.nl/APK.html doesn't work :-( |
dasy2k1 Send message Joined: 9 Jul 05 Posts: 65 Credit: 118,948 RAC: 0 |
I use Linux for my main PC and I currently run seti on my normal unprivileged user account. I cannot see how it would be any safer running it in a separate account than in this one, as I have the lowest privileges available (as all Linux systems default to). I would never run it as root (administrator in Windows speak), but then again I would never log on fully as root in normal circumstances, I would just use SU |
Tetsuji Maverick Rai Send message Joined: 25 Apr 99 Posts: 518 Credit: 90,863 RAC: 0 |
> I use Linux for my main PC and I currently run seti on my normal unprivileged user account,

On Linux and other unix like OS'es, the most important things are:
Luckiest in the world. WMD = Weapon of Mass Distraction. Click this table. |
Tetsuji Maverick Rai Send message Joined: 25 Apr 99 Posts: 518 Credit: 90,863 RAC: 0 |
I forgot to write "invoke 'umask 027' just before launching boinc". For example, my script is:

```sh
# Work from the BOINC run directory; stop if it is missing so rm runs nowhere else
cd /home/boinc/run || exit 1
# Clear a stale lock file and leftover blc* files
rm -f lockfile blc*
# Files created from here on carry no permissions for "other" users
umask 027
# Start the client as the unprivileged boinc user, in the background
su boinc -c "./boinc -allow_remote_gui_rpc -return_results_immediately -redirectio" &
```

This 'umask 027' makes account_xxx.xml and other files unreadable (and unmodifiable) to other users. And my boinc directory looks like:

```
total 4688
-rw-r----- 1 boinc boinc    705 May 29 10:07 account_setiweb.ssl.berkeley.edu_beta.xml
-rwxr-x--- 1 boinc boinc 448772 May 24 01:48 boinc
-rw-r----- 1 boinc boinc 181325 May 29 13:43 client_state.xml
....
```

so this account_setiweb.xxxxx.xml isn't readable to other users. Luckiest in the world. WMD = Weapon of Mass Distraction. Click this table. |
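An added example, not part of the post above or of BOINC itself: a small audit that lists entries in a BOINC run directory that users outside the owner and group can still read, write or execute, which is the condition `umask 027` is meant to prevent. The function names and the scratch file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Audit a BOINC run directory for entries accessible to "other" users.
# Function names and demo file names are illustrative assumptions.

# Print every entry under $1 with any "other" permission bit set (r, w or x).
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count those entries; 0 means the tree matches a umask 027 layout.
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Constructed demo: create a scratch run directory under the given umask,
# the way a freshly started client would create its files, then print
# how many entries are exposed to other users.
demo_with_umask() {
    mask=$1
    scratch=$(mktemp -d) || return 1
    (
        umask "$mask"
        mkdir "$scratch/run"
        : > "$scratch/run/account_example.xml"   # constructed file name
        : > "$scratch/run/client_state.xml"
    )
    count_world_accessible "$scratch/run"
    rm -rf "$scratch"
}

# Stand-alone use: sh audit.sh /home/boinc/run
if [ "$#" -gt 0 ]; then
    world_accessible "$1"
fi
```

A umask only applies to files created after it is set, so a run directory that was first populated under the common default of 022 keeps its world-readable account files until they are fixed once with `chmod -R o-rwx`.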