Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 15:25:01
Message-Id: 200601181614.59234.o.schad@web.de
In Reply to: [gentoo-security] Running untrusted software by Douglas Breault Jr
Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr:
> I am being forced to run software on my computer that I do not > inherently trust. It is supposed to collect a few pieces of > information, mainly my mac addresses and use the network. It is a > one-time use CSA (client security agent). It uses a csh script to > unpack a "proprietary binary" that we cannot see the source. There is > no assurance it doesn't collect other information or change anything > on my computer.
If you don't trust this software don't use it in trusted environment which includes trusted system and trusted network.
> I was curious as to what is the best way to handle this and > situations like these. In this instance, I was assuming downloading, > and running on a LiveCD would seem like the best policy.
Is your host in a trusted network?
> What if it > uses methods to discover that and I need to run it on my real > installation? Is a chroot jail the next best thing?
>From a chroot environment you can easily escape on a standard kernel.
Grsec offers a real chroot jail.
> As far as I know, > to make a chroot jail I merely copy programs and libraries inside a > folder with the proper / hierarchy and chroot into it. Is it more > complex than this and are there any guides?
# esearch jail Best Regards Oli -- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Running untrusted software Douglas Breault Jr <GenKreton@×××××××.net>
Re: [gentoo-security] Running untrusted software Panagiotis Atmatzidis <p.atmatzidis@×××××.com>