BURP Security


Advanced search

Message boards : Problems and Help : BURP Security

Author Message
Knightoffaith
Send message
Joined: 23 May 14
Posts: 9
Credit: 0
RAC: 0
Message 12729 - Posted: 23 May 2014, 22:03:08 UTC

There isn't much I have seen around the site, so I was curious if there are any security measures in place to check submitted content for malware, either on (blend) files to be rendered, or the images returned from BOINC clients. Or, is there no way for the files to be infected?

Thanks,
KOF

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4487
Credit: 2,094,806
RAC: 0
Message 12732 - Posted: 24 May 2014, 13:25:20 UTC
Last modified: 24 May 2014, 13:42:29 UTC

Uploaded input is reviewed by a human being, scanned by antivirus, parsed by a custom parser, parsed by Blender and tested before it is accepted into the rendering queue.
Output is typically rendered twice to check for errors - malicious or otherwise. Additionally the output is not shown directly on the website but rather a new image is generated containing a compressed and more easily streamable version of the raw image. Artists (or interested people) can download the raw images if they like.

However, this is a beta project and as such we do not yet provide the full stability and security of a full-blown BOINC project.
I would definitely advice against installing BURP on anything mission critical or anything that is keeping anyone alive.

Knightoffaith
Send message
Joined: 23 May 14
Posts: 9
Credit: 0
RAC: 0
Message 12733 - Posted: 24 May 2014, 16:57:09 UTC - in response to Message 12732.

This is good to hear. Thanks.

Profile noderaser
Project donor
Avatar
Send message
Joined: 28 Mar 06
Posts: 512
Credit: 1,553,018
RAC: 79
Message 12738 - Posted: 25 May 2014, 2:24:48 UTC - in response to Message 12732.

I would definitely advice against installing BURP on anything mission critical or anything that is keeping anyone alive.


I would advise against installing BOINC on such systems, due to the hardware strain.
____________

Profile pildanovak
Send message
Joined: 4 Dec 04
Posts: 63
Credit: 7,777
RAC: 0
Message 12782 - Posted: 1 Jun 2014, 14:01:17 UTC - in response to Message 12738.

Regarding the security risks - which are they?

Running of scripts is disabled.(can also be automatically deleted from sent files)
Application(blender) is provided by BURP.
The files provided are only open with the provided application.

Only threat I see is that the file would have some corrupt data that could... I don't know what. But the author would have to probably know blender code - filereading very well, be an blender developer with .svn access and have a trojan patch actually in official blender binary.
Other wise, corrupt file would probably just crash, which means, the file wouldn't get through the automated check...

Only thing that comes to mind is some huge use of memory, but I guess sessions often overstep some stations mem limits and this just causes boinc to stop the rendering?

This must have allready written many times here I guess, so sorry if this is just repeating old stuff.(Just found the registration mail I got from BURP - it was from 2005!!!! )
____________


Post to thread

Message boards : Problems and Help : BURP Security