Message boards : Number crunching : ACEMD3 security issue
| Author | Message |
|---|---|
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level  Scientific publications      | |
|
https://i.imgur.com/bgoHpok.png | |
ID: 54048 | Rating: 0 | rate:
 /   Reply
Quote
| |
|
Toni Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 9 Dec 08 Posts: 1006 Credit: 5,068,599 RAC: 0 Level  Scientific publications | |
|
It's the BOINC wrapper. It's compiled in debug mode so it prints out a bit of the strings (a few chars from the path names, mostly "programdata" or translations) which are still allocated at the wrapper exit. You should be able to hide your PCs and workunits with preferences. | |
| ID: 54049 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level Scientific publications | |
You should be able to hide your PCs and workunits with preferences. Can't see anything related to that. Would you point me where to look? | |
| ID: 54050 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Keith Myers  Send message Joined: 13 Dec 17 Posts: 1341 Credit: 7,688,380,645 RAC: 13,299,593 Level  Scientific publications  | |
You should be able to hide your PCs and workunits with preferences. https://www.gpugrid.net/prefs.php?subset=project Should GPUGRID show your computers on its web site? yes | |
| ID: 54063 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level Scientific publications | |
|
Well, it could show my computers, not the damn folder tree. | |
| ID: 54066 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Keith Myers Send message Joined: 13 Dec 17 Posts: 1341 Credit: 7,688,380,645 RAC: 13,299,593 Level Scientific publications | |
Well, it could show my computers, not the damn folder tree. I don't understand what it is you are seeing. All I see on ANY BOINC project are my Computers page which only shows the Details of the host hardware and the Tasks assigned to it. It also shows the current host RAC and host Totals. Nothing more. No other information about the host is leaked. You must have some sort of weird operating system environment. | |
| ID: 54071 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Keith Myers Send message Joined: 13 Dec 17 Posts: 1341 Credit: 7,688,380,645 RAC: 13,299,593 Level Scientific publications | |
Well, it could show my computers, not the damn folder tree. Put the blame on Windows. I don't see any of that in Linux. Stderr output <core_client_version>7.17.0</core_client_version> <![CDATA[ <stderr_txt> 13:58:20 (491): wrapper (7.7.26016): starting 13:58:20 (491): wrapper (7.7.26016): starting 13:58:20 (491): wrapper: running acemd3 (--boinc input --device 2) 14:37:08 (491): acemd3 exited; CPU time 2325.436945 14:37:08 (491): called boinc_finish(0) </stderr_txt> ]]> | |
| ID: 54072 | Rating: 0 | rate:
/ Reply
Quote
| |
|
rod4x4 Send message Joined: 4 Aug 14 Posts: 266 Credit: 2,219,935,054 RAC: 0 Level  Scientific publications  | |
Well, it could show my computers, not the damn folder tree. Your partial folder tree that it displays is a standard BOINC installation tree. It is a partial tree and nothing there uniquely identifies you, nor poses a security risk. As Keith mentioned, if security is high on your list, you can hide your computers, as you have done. | |
| ID: 54074 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level Scientific publications | |
Well, it could show my computers, not the damn folder tree. Look at the image I linked in the first message. It logs folders set in search path. | |
| ID: 54080 | Rating: 0 | rate:
/ Reply
Quote
| |
 Retvari Zoltan Send message Joined: 20 Jan 09 Posts: 2343 Credit: 16,230,965,968 RAC: 2,444,590 Level  Scientific publications | |
Well, it could show my computers, not the damn folder tree. You made the ascii text unreadable with that red mark, but the funny thing is that the hex numbers after the unreadable text encode the same information. So now I know that your given host has an environmental setting of TMP=D:\ProgramDa... The only information which is leaked that your host has a D: drive (as every Windows has a hidden system folder called ProgramData, usually in the root of the C: drive). Being such an ingenious hacker as I am, I still don't know how on Earth could I use it for my nefarious purposes. | |
| ID: 54085 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level Scientific publications | |
|
And still no one knows why it does that. Still a security issue IMHO | |
| ID: 54088 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Retvari Zoltan Send message Joined: 20 Jan 09 Posts: 2343 Credit: 16,230,965,968 RAC: 2,444,590 Level Scientific publications | |
And still no one knows why it does that.We do. As it is stated by Toni right after your question: it's not the GPUGrid app, but the BOINC wrapper does it because it was compiled in "debug" mode so it prints out some app and system related strings to help debug the connection between the app and the BOINC wrapper. The BOINC wrapper is not GPUGrid's "product". Still a security issue IMHOI don't agree with you. | |
| ID: 54089 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Keith Myers Send message Joined: 13 Dec 17 Posts: 1341 Credit: 7,688,380,645 RAC: 13,299,593 Level Scientific publications | |
And still no one knows why it does that.We do. Correct. You have a problem with the BOINC Wrapper app and you should vent your paranoia at the BOINC developers which wrote the application. Target would be David Anderson. davea@berkeley.edu and you should post this issue to the BOINC developer website https://github.com/BOINC/boinc | |
| ID: 54099 | Rating: 0 | rate:
/ Reply
Quote
| |
ServicEnginIC Send message Joined: 24 Sep 10 Posts: 581 Credit: 9,817,612,024 RAC: 20,608,060 Level Scientific publications | |
|
Anyway, collaborating with BOINC projects is an altruist and voluntary action. | |
| ID: 54107 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Padanian Send message Joined: 1 May 09 Posts: 8 Credit: 64,309,026 RAC: 152,097 Level Scientific publications | |
it's not the GPUGrid app, but the BOINC wrapper does it because it was compiled in "debug" mode so it prints out some app and system related strings to help debug the connection between the app and the BOINC wrapper. It is shown on your website as result log of your application. It is not shown on anyone else's project debug logs. I'm participating on other projects, and only GPUGRID shows such info. You're wrong. | |
| ID: 54148 | Rating: 0 | rate:
/ Reply
Quote
| |
|
popandbob Send message Joined: 18 Jul 07 Posts: 67 Credit: 40,277,822 RAC: 0 Level  Scientific publications | |
You're wrong. Just because this project uses a different feature to your other projects does not make him wrong. So perhaps you'd like to get off your high horse and complain to the correct department? | |
| ID: 54149 | Rating: 0 | rate:
/ Reply
Quote
| |
|
Ian&Steve C.  Send message Joined: 21 Feb 20 Posts: 1069 Credit: 40,231,533,983 RAC: 432 Level Scientific publications | |
it's not the GPUGrid app, but the BOINC wrapper does it because it was compiled in "debug" mode so it prints out some app and system related strings to help debug the connection between the app and the BOINC wrapper. as has been said, it's the BOINC wrapper. your computers are hidden anyway. no one can see what you're talking about outside of your screenshot that you posted yourself, so any perceived security concern is kind of moot anyway. you need to address your concerns on the BOINC forum: Questions and Problems ____________  | |
| ID: 54167 | Rating: 0 | rate:
/ Reply
Quote
| |
Message boards : Number crunching : ACEMD3 security issue
