Is there any way hijacked tasks can read your other files? I assume BOINC uses some kind of sandbox but how secure is it? All my stuff run Linux if that makes a difference.
Oh man this takes me back. ran seti@home for the better part of a decade.
No idea. But you may be able to restrict its file access at the OS level just to be safe, or run it in container(s), which it appears to support: https://github.com/BOINC/boinc/wiki/Docker-apps
Even better if it can be run on Podman, since you won’t need a potential root access and hook to set up the containers in the first place, and UID mapping on podman rootless will pretty much guarantee that the user IDs the process gets are not mapped to any real user in your system.
Yes, I use Podman for personal projects for that reason (and for FOSS reasons).
In the past, no, there have been remote exploits done through BOINC. But I haven’t been an active participant in over a decade, so I don’t know what their security is like now.
No. Don’t do this.
