Bug#514303: boinc-client: by default BOINC binds to all network adaptors
sheridan at shezza.org
Fri Feb 6 02:48:23 UTC 2009
Rather distrubingly, BOINC binds to all network adaptors rather than just localhost, despite the
allow_remote_gui_rpc setting not being set.
As an end-user, I would have expected just for it to bind to the localhost for availability for the boinc-manager.
While there is not an explicity security issue here, because no hosts/ip's are listed in the remote authorisation
file, there is an implicit one and that is if there is ever a buffer overflow against boinc then it's possible that
is going to be exploited by other people.
tcp 0 0 0.0.0.0:31416 0.0.0.0:* LISTEN 20006/boinc
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3126/cupsd
You can see where cupsd for example has bound locally and boinc has bound globally.
If I can be of any further assistance then please don't hesistate to let me know.
-- Package-specific info:
-- Contents of /etc/default/boinc-client:
# This file is /etc/default/boinc-client, it is a configuration file for the
# /etc/init.d/boinc-client init script.
# Set this to 1 to enable and to 0 to disable the init script.
# Set this to 1 to enable advanced scheduling of the BOINC core client and
# all its sub-processes (reduces the impact of BOINC on the system's
# The BOINC core client will be started with the permissions of this user.
# This is the data directory of the BOINC core client.
# This is the location of the BOINC core client, that the init script uses.
# If you do not want to use the client program provided by the boinc-client
# package, you can specify here an alternative client program.
# Here you can specify additional options to pass to the BOINC core client.
# Type 'boinc --help' or 'man boinc' for a full summary of allowed options.
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages boinc-client depends on:
ii adduser 3.110 add and remove users and groups
ii ca-certificates 20080809 Common CA certificates
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcurl3 7.18.2-8 Multi-protocol file transfer libra
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii python 2.5.2-3 An interactive high-level object-o
ii zlib1g 1:184.108.40.206.dfsg-12 compression library - runtime
boinc-client recommends no packages.
Versions of packages boinc-client suggests:
pn boinc-app-seti <none> (no description available)
ii boinc-manager 6.2.14-3 GUI to control and monitor the BOI
pn schedtool <none> (no description available)
-- debconf information excluded
More information about the pkg-boinc-devel