Package: boinc-client Version: 5.4.9-1+rmh Severity: wishlist I think boinc-client should use chroot() before running the downloaded plugins.
On my setup, only FDs from the following locations are found to be open: /dev/null (FD 0) is inherited from the parent. I think that's ok. /var/lib/boinc-client/projects/climateprediction.net/* Ok /var/lib/boinc-client/lockfile /var/lib/boinc-client/slots/0/boinc_lockfile Sounds like these are inherited from the parent, but not really necessary. How about closing them after fork() ? There are also a pair of nameless sockets, which I think are ok. I would guess that chrooting to "/var/lib/boinc-client/projects/<project_name>" is safe. But I don't know the Boinc API well enough to be sure, or even test it. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-12-amd64-k8 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages boinc-client depends on: ii adduser 3.87 Add and remove users and groups ii libc6 2.3.6-7 GNU C Library: Shared libraries ii libc6-i386 2.3.6-7 GNU C Library: 32bit shared librar ii libcomerr2 1.38+1.39-WIP-2006.04.09-1 common error description library ii libcurl3 7.15.3-1 Multi-protocol file transfer libra ii libgcc1 1:4.1.0-1 GCC support library ii libidn11 0.5.18-2 GNU libidn library, implementation ii libkrb53 1.4.3-6 MIT Kerberos runtime libraries ii libssl0.9.8 0.9.8a-8 SSL shared libraries ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3 ii lsb-base 3.1-5 Linux Standard Base 3.1 init scrip ii python2.4 2.4.2-2 An interactive high-level object-o ii zlib1g 1:1.2.3-11 compression library - runtime boinc-client recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
