Bug#366954: shouldn't it use chroot ?
Robert Millan
rmh at aybabtu.com
Fri May 12 11:54:24 UTC 2006
Package: boinc-client
Version: 5.4.9-1+rmh
Severity: wishlist
I think boinc-client should use chroot() before running the downloaded plugins.
On my setup, only FDs from the following locations are found to be open:
/dev/null
(FD 0) is inherited from the parent. I think that's ok.
/var/lib/boinc-client/projects/climateprediction.net/*
Ok
/var/lib/boinc-client/lockfile
/var/lib/boinc-client/slots/0/boinc_lockfile
Sounds like these are inherited from the parent, but not really necessary. How
about closing them after fork() ?
There are also a pair of nameless sockets, which I think are ok.
I would guess that chrooting to "/var/lib/boinc-client/projects/<project_name>" is
safe. But I don't know the Boinc API well enough to be sure, or even test it.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-12-amd64-k8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages boinc-client depends on:
ii adduser 3.87 Add and remove users and groups
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libc6-i386 2.3.6-7 GNU C Library: 32bit shared librar
ii libcomerr2 1.38+1.39-WIP-2006.04.09-1 common error description library
ii libcurl3 7.15.3-1 Multi-protocol file transfer libra
ii libgcc1 1:4.1.0-1 GCC support library
ii libidn11 0.5.18-2 GNU libidn library, implementation
ii libkrb53 1.4.3-6 MIT Kerberos runtime libraries
ii libssl0.9.8 0.9.8a-8 SSL shared libraries
ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3
ii lsb-base 3.1-5 Linux Standard Base 3.1 init scrip
ii python2.4 2.4.2-2 An interactive high-level object-o
ii zlib1g 1:1.2.3-11 compression library - runtime
boinc-client recommends no packages.
-- no debconf information
More information about the pkg-boinc-devel
mailing list