Is there any way hijacked tasks can read your other files? I assume BOINC uses some kind of sandbox but how secure is it? All my stuff run Linux if that makes a difference.
Is there any way hijacked tasks can read your other files? I assume BOINC uses some kind of sandbox but how secure is it? All my stuff run Linux if that makes a difference.
No idea. But you may be able to restrict its file access at the OS level just to be safe, or run it in container(s), which it appears to support: https://github.com/BOINC/boinc/wiki/Docker-apps
Even better if it can be run on Podman, since you won’t need a potential root access and hook to set up the containers in the first place, and UID mapping on podman rootless will pretty much guarantee that the user IDs the process gets are not mapped to any real user in your system.
Yes, I use Podman for personal projects for that reason (and for FOSS reasons).