BOINC Daemon Password

From Unofficial BOINC Wiki

[edit] General

The BOINC Daemon can be protected from remote access, which is enabled by the Remote Hosts File, with an additional protection through the use of a BOINC Daemon Password.

The BOINC Daemon Password is "set" with the addition of a plain text file in the BOINC Directory with the name of: gui_rpc_auth.cfg.

This plain text file will only contain the password. WARNING: the BOINC Manager connections from the localhost machine will also have to use this password, even though connecting to the localhost does not seem to be a remote connection.

Note: If you make a share of the BOINC Directory the contents of the gui_rpc_auth.cfg will be "visible" and therefore not a significant barrier to external access of the BOINC Daemon.

Starting with version 5.2.2; a gui_rpc_auth.cfg file is now created by default if it wasn't detected at startup.

A security organization found an exploit where, on a multi-user system, an sshd process could redirect the loopback adapter 1043 or 31416 port to a different system and allow attaching and detaching of projects among other things. This was without the --allow_gui_rpc switch.

So now, the BOINC Daemon will create a random password file which can be read by the local BOINC Manager and will be used when attempting to communicate with the BOINC Daemon.

gui_rpc_auth.cfg can be modified with any text editor and can be any password you want.