system getting hacked after install of boinc

Message boards : Questions and problems : system getting hacked after install of boinc
Message board moderation

To post messages, you must log in.

AuthorMessage
Pepo
Avatar

Send message
Joined: 3 Apr 06
Posts: 547
Slovakia
Message 38367 - Posted: 12 Jun 2011, 16:09:46 UTC - in response to Message 38359.  

problem:
installed boinc, next morning, system hacked.
stuff moved around, files open, work units aborted.
mostly after system does large prim wu.

anybody got any help for this problem?
got any help??
sure could use it.

If you would describe, what actually happened to your computer (or what does "system hacked, stuff moved around, files open, work units aborted" means, then someone might try to guess, what it was, and then help...

Peter
ID: 38367 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5077
United Kingdom
Message 38382 - Posted: 13 Jun 2011, 7:26:09 UTC - in response to Message 38377.  

2. Windows users should install BOINC in Protected Application Execution (PAE) mode which I believe is the default installation mode in the BOINC installer for Windows. Installing in PAE mode severely restricts project executables in what they can do on your computer. (I hope this info about Windows is correct, someone please correct me if I'm wrong, it's been a while since I've run Windows)

That's correct. Unfortunately, the protection against malicious behaviour is so strong that project executables can't interact with graphics card drivers under PAE, and that rules out GPU computation. Participants who want to offer the use of GPUs to projects (increasingly common) are forced to opt for the insecure 'user' mode of operation.
ID: 38382 · Report as offensive
whynot

Send message
Joined: 8 May 10
Posts: 89
Ukraine
Message 38543 - Posted: 18 Jun 2011, 16:26:12 UTC - in response to Message 38377.  


1. On Linux systems avoid using the Berkeley installer to install BOINC. Instead you should install BOINC from your distro's repositories which installs BOINC in such a way that it and project executables run under an unprivileged user account named, for example, boinc-user. That user is severely restricted in what it can access and modify on your system so if you do get a malicious executable from a rogue or hacked BOINC project it won't be able to do much other than delete its own files.


And that really could be a way in. Since many distributions configure sudo(1) to allow the user that installed (UID=1000, you know) to get privileges without authentication (matter of darn friendliness) then such malicious application can do anything. Everything becomes that scary these days.

I'm counting for science,
points just make me sick.
ID: 38543 · Report as offensive

Message boards : Questions and problems : system getting hacked after install of boinc

Copyright © 2024 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.