Eliminate use of founder's email address in BOINC-wide team creation

Open voidxor opened this issue 4 years ago • 4 comments

Describe the vulnerability

According to the BOINC-wide teams page (which is still linked from the team_manage.php page of several projects), creation of BOINC-wide teams was disabled back in 2015 due to team founders getting spam. This is because the founders' email addresses are disseminated to the projects ("in a munged form", yet still decipherable).

@davidpanderson confirmed for me that this is still an issue, and had not yet (to our knowledge) been opened on GitHub.

Describe the solution you'd like

Instead of keying off of the founder's email address, it would be wiser to use an authenticator, weak authenticator, or better yet a cross-project team ID. This should have the added benefit of abstracting the team from the founder and their email address. Per the advice on the BOINC-wide teams page, it is currently ill-advised for the founder to change email addresses.

Additional context

I named this security bug report in line with #4085, #4086, and #4087, as created by @TheAspens. However, those issues have to do with user security and not team security.

While I'm interested in converting my team into a BOINC-wide team, I'll wait until email addresses are no longer exposed. I understand that the suggested workaround is to set up an email address purely for this purpose (due to the spam it will cause), but am reluctant to have to create, track, and check yet another email account.

Seeing as BOINC-wide teams have been in limbo since 2015, I'm guessing the whole approach needs to be rethought anyway to comply with the GDPR.

voidxor, Feb 02 '21 22:02

Please make a specific proposal. Something has to be distributed (publicly) to BOINC projects, and it needs to allow the creation of an account that only the team founder can log in to.

davidpanderson, Feb 02 '21 23:02

> Please make a specific proposal. Something has to be distributed (publicly) to BOINC projects, and it needs to allow the creation of an account that only the team founder can log in to.

@davidpanderson Sorry, I thought I had. My suggestion was to not distribute the founder's email address. I suggested keying off of something else as a solution. I can't be more specific than that because I'm not really a computer-security expert and not familiar with the internals of BOINC nor BOINC projects. I was hoping somebody more familiar with the matter could propose specifics.

When you say it creates an account that only the founder can log in to, do you mean from the central BOINC server here? Or does the creation of a BOINC-wide team literally spawn an account for the founder on every project, including those in which the founder doesn't participate?

voidxor, Feb 03 '21 21:02

It creates an account for the founder on every project.

davidpanderson, Feb 03 '21 22:02

Interesting. How is the founder's password distributed? Surely somebody can think of a secure way to do this.

voidxor, Feb 04 '21 00:02