Posts by trigggl

1) Message boards : News : MLDS release v0.911 (Message 290)
Posted 1 Aug 2020 by trigggl
Post:
...Apparently the app is trying to use /dev/fuse. Is that a security risk? I'm hesitant to open it up to non-root users.


FUSE is designed from the beginning to allow a filesystem in userspace, and is designed so that users can do it. Ubuntu/Debian/Fedora/OpenSUSE/Centos/RHEL all allow it. Still, I'd recommend you read up on it decide for yourself if you're comfortable opening it up. You could probably also limit it to only the boinc user.

The application is bundled as an AppImage, which allows me to ship the app and all its dependencies as one binary. To achieve this, it creates a small chroot with the binary and the dependent libs on a squashfs filesystem embedded in the binary. When executed, the appimage portion creates a temporary mount point in /tmp, mounts the squashfs image there, and executes a script which sets up the linker path to look for libs in the squashfs before looking on the main system, and then runs the app.


boinc is precisely the user I don't want having any added access for mounting. boinc needs to stay in the boinc home folder (/var/lib/boinc). There have been too many projects that have been malicious for me to trust boinc with any added priviledges. '/var/lib/boinc' has its own partition. Don't want it running anywhere else.
2) Message boards : News : MLDS release v0.911 (Message 84)
Posted 4 Jul 2020 by trigggl
Post:
The first task on my Gentoo Linux system failed.

https://www.mlcathome.org/mlcathome/result.php?resultid=50200

Apparently the app is trying to use /dev/fuse. Is that a security risk? I'm hesitant to open it up to non-root users.




©2022 MLC@Home Team
A project of the Cognition, Robotics, and Learning (CORAL) Lab at the University of Maryland, Baltimore County (UMBC)