1 |
Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr: |
2 |
> I am being forced to run software on my computer that I do not |
3 |
> inherently trust. It is supposed to collect a few pieces of |
4 |
> information, mainly my mac addresses and use the network. It is a |
5 |
> one-time use CSA (client security agent). It uses a csh script to |
6 |
> unpack a "proprietary binary" that we cannot see the source. There is |
7 |
> no assurance it doesn't collect other information or change anything |
8 |
> on my computer. |
9 |
|
10 |
If you don't trust this software don't use it in trusted environment |
11 |
which includes trusted system and trusted network. |
12 |
|
13 |
> I was curious as to what is the best way to handle this and |
14 |
> situations like these. In this instance, I was assuming downloading, |
15 |
> and running on a LiveCD would seem like the best policy. |
16 |
|
17 |
Is your host in a trusted network? |
18 |
|
19 |
> What if it |
20 |
> uses methods to discover that and I need to run it on my real |
21 |
> installation? Is a chroot jail the next best thing? |
22 |
|
23 |
>From a chroot environment you can easily escape on a standard kernel. |
24 |
Grsec offers a real chroot jail. |
25 |
|
26 |
> As far as I know, |
27 |
> to make a chroot jail I merely copy programs and libraries inside a |
28 |
> folder with the proper / hierarchy and chroot into it. Is it more |
29 |
> complex than this and are there any guides? |
30 |
|
31 |
# esearch jail |
32 |
|
33 |
Best Regards |
34 |
Oli |
35 |
|
36 |
-- |
37 |
gentoo-security@g.o mailing list |