Gentoo Archives: gentoo-security

From: Douglas Breault Jr <GenKreton@×××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 15:41:29
Message-Id: 43CE5EEB.4040209@comcast.net
In Reply to: Re: [gentoo-security] Running untrusted software by Oliver Schad

I need to run this CSA in order to gain access to the network. I don't
trust the network much either, but I am always using OpenVPN, which I
trust completely. Currently I can access the network, and ergo my VPN
without this, but after the 26th that all changes.

I will definitely look into grsec but it seems complicated. Regardless I
require a viable solution and I will take the steps necessary,
regardless of complication.

Is there a way to try and trace what the binary wants to do? I'm aware I
could run strace on it and ethereal to capture what it transmits... But
is there more I can do?

Thanks,
Douglas Breault Jr.



Oliver Schad wrote:
> On Wednesday, 18 January 2006 15:58, Douglas Breault Jr wrote to me:
>> I am being forced to run software on my computer that I do not
>> inherently trust. It is supposed to collect a few pieces of
>> information, mainly my mac addresses and use the network. It is a
>> one-time use CSA (client security agent). It uses a csh script to
>> unpack a "proprietary binary" that we cannot see the source. There is
>> no assurance it doesn't collect other information or change anything
>> on my computer.
>
> If you don't trust this software don't use it in trusted environment
> which includes trusted system and trusted network.
>
>> I was curious as to what is the best way to handle this and
>> situations like these. In this instance, I was assuming downloading,
>> and running on a LiveCD would seem like the best policy.
>
> Is your host in a trusted network?
>
>> What if it
>> uses methods to discover that and I need to run it on my real
>> installation? Is a chroot jail the next best thing?
>
> From a chroot environment you can easily escape on a standard kernel.
> Grsec offers a real chroot jail.
>
>> As far as I know,
>> to make a chroot jail I merely copy programs and libraries inside a
>> folder with the proper / hierarchy and chroot into it. Is it more
>> complex than this and are there any guides?
>
> # esearch jail
>
> Best Regards
> Oli
>
--
How do I know the past isn't fiction designed to account for the
discrepancy between my immediate physical sensations and my state of mind?

 /~\  The ASCII         Douglas Breault Jr. <GenKreton at comcast dot net>
 \ /  Ribbon Campaign   GnuPG public key ID: C4E44A19 (pgp.mit.edu)
  X   Against HTML      Key fingerprint:
 / \  Email!            21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19

--
gentoo-security@g.o mailing list
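
An added example, not part of the original message: a small Python summarizer for the strace approach mentioned above. It reduces a log in the format written by `strace -f -o` to the files read, files modified, failed opens, programs executed and network endpoints contacted. The sample trace and the name `csa-agent` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format written by `strace -f -o trace.log ./binary`
# (PID prefix on every line). "csa-agent" is a hypothetical name.
SAMPLE = '''\
1234 execve("./csa-agent", ["./csa-agent"], 0x7ffd0 /* 20 vars */) = 0
1234 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234 openat(AT_FDCWD, "/sys/class/net/eth0/address", O_RDONLY) = 4
1234 openat(AT_FDCWD, "/home/user/.ssh/id_rsa", O_RDONLY) = -1 EACCES (Permission denied)
1234 openat(AT_FDCWD, "/etc/hosts", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 5
1234 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1235 execve("/bin/sh", ["sh", "-c", "ifconfig -a"], 0x7ffd1 /* 20 vars */) = 0
1234 unlink("/tmp/csa.XXXXXX") = 0
'''

CALL = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')
PATH = re.compile(r'"([^"]*)"')  # first quoted argument is the path
INET = re.compile(r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
WRITE_FLAGS = re.compile(r'O_(WRONLY|RDWR|CREAT|TRUNC|APPEND)')
MODIFY = {"unlink", "unlinkat", "rename", "chmod", "chown", "mkdir", "rmdir"}

def summarize(trace):
    """Group traced syscalls by what they reveal about the binary's behaviour."""
    out = defaultdict(list)
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue  # signals, unfinished/resumed calls, exit notices
        name, args, ret = m.group(2), m.group(3), int(m.group(4))
        path = PATH.search(args)
        if name in ("open", "openat") and path:
            if ret < 0:
                out["failed_open"].append(path.group(1))  # attempted, but denied or missing
            elif WRITE_FLAGS.search(args):
                out["write"].append(path.group(1))
            else:
                out["read"].append(path.group(1))
        elif name in MODIFY and path and ret == 0:
            out["write"].append(path.group(1))
        elif name == "execve" and path and ret == 0:
            out["exec"].append(path.group(1))
        elif name == "connect":
            ip = INET.search(args)
            if ip:  # record IPv4 attempts even when the call did not succeed
                out["connect"].append((ip.group(2), int(ip.group(1))))
    return dict(out)

if __name__ == "__main__":
    for kind, items in summarize(SAMPLE).items():
        print(kind, items)
```

The `failed_open` list is worth reading closely: it shows what the program tried to reach even where file permissions stopped it.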

Replies

Subject Author
Re: [gentoo-security] Running untrusted software Oliver Schad <o.schad@×××.de>
Re: [gentoo-security] Running untrusted software Brandon Edens <brandon@××××××.edu>