List Archive: gentoo-security
On Wednesday 18 January 2006 08:58 am, Douglas Breault Jr wrote:
> Hello,
Hello!
> I am being forced to run software on my computer that I do not
> inherently trust. It is supposed to collect a few pieces of information,
> mainly my mac addresses and use the network. It is a one-time use CSA
> (client security agent). It uses a csh script to unpack a "proprietary
> binary" that we cannot see the source. There is no assurance it doesn't
> collect other information or change anything on my computer.
If I were in your shoes I would begin a forensic analysis. You may use the
commands strings and objdump against a binary executable, but if they are
serious, these may elude you. As well, if you can run the program freely or
in a sandbox of some sort then you could use tools such as lsof, ltrace,
strace, and tcpdump.
> I was curious as to what is the best way to handle this and situations
> like these. In this instance, I was assuming downloading, and running on
> a LiveCD would seem like the best policy. What if it uses methods to
> discover that and I need to run it on my real installation? Is a chroot
> jail the next best thing? As far as I know, to make a chroot jail I
> merely copy programs and libraries inside a folder with the proper /
> hierarchy and chroot into it. Is it more complex than this and are there
> any guides?
Perhaps a virtual server may be favorable...
A possible solution might be linux vserver. It's a little bit of an advanced
chroot. This would respond with the proper MAC, and there would be some
control on what it actually sees. Here is info on vservers:
http://linux-vserver.org/short+presentation
http://www.gentoo.org/doc/en/vserver-howto.xml
UML (usermode linux) might be another possibility, and there's quite a bit
along the lines of forensics support in the community as quite a few people
use it for honeypots. In taking this approach you could monitor the
activities of the binary _very_ closely.
> --
> How do I know the past isn't fiction designed to account for the
> discrepancy between my immediate physical sensations and my state of mind?
Hehe, nice!
HTH,
Robert Larson
--
gentoo-security@g.o mailing list
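Added example, not code from the thread: a small Python triage script for the kind of `strace -f -o` log the reply suggests collecting while the binary runs in a sandbox. It summarises what the traced process tree executed, which files it opened, which it wrote outside an expected staging directory, and where it connected. The sample log, the `/tmp/csa` staging directory and the address 192.0.2.10 are constructed, not captured from the agent discussed.

```python
import re

# Constructed sample of `strace -f -ttt -o trace.log` output (not a real capture of the agent in the thread)
SAMPLE_TRACE = """\
1234 1137577082.100 execve("/bin/csh", ["csh", "install.csh"], [/* 12 vars */]) = 0
1234 1137577082.120 open("/etc/passwd", O_RDONLY) = 3
1234 1137577082.130 open("/tmp/csa/agent.bin", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
1235 1137577082.200 execve("/tmp/csa/agent.bin", ["agent.bin"], [/* 12 vars */]) = 0
1235 1137577082.220 open("/home/doug/.ssh/id_dsa", O_RDONLY) = 5
1235 1137577082.250 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
1235 1137577082.260 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1235 1137577082.300 open("/etc/rc.conf", O_WRONLY|O_APPEND) = 7
"""
LINE_RE = re.compile(r'^(\d+) (\S+) (\w+)\((.*)\) = (.*)$')  # "<pid> <ts> <syscall>(<args>) = <result>"
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND")

def first_string_arg(args):
    m = re.match(r'"([^"]*)"', args)     # path argument of open()/execve()
    return m.group(1) if m else None

def triage(trace_text, allowed_write_prefixes=("/tmp/csa",)):
    """Summarise what a traced process tree executed, opened and connected to."""
    report = {"exec": [], "opened": [], "writes_outside": [], "connects": []}
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                          # e.g. "+++ exited with 0 +++"
            continue
        _pid, _ts, syscall, args, result = m.groups()
        if result.startswith("-1"):        # failed calls touched nothing
            continue
        if syscall == "execve":
            report["exec"].append(first_string_arg(args))
        elif syscall in ("open", "openat"):
            # openat() carries a dirfd first; strip it so the path comes first
            path_args = args.split(", ", 1)[1] if syscall == "openat" else args
            path = first_string_arg(path_args)
            report["opened"].append(path)
            flags = path_args.split(", ", 1)[1] if ", " in path_args else ""
            if any(f in flags for f in WRITE_FLAGS) and not path.startswith(allowed_write_prefixes):
                report["writes_outside"].append(path)
        elif syscall == "connect":
            port = re.search(r'htons\((\d+)\)', args)
            addr = re.search(r'inet_addr\("([^"]+)"\)', args)
            if port and addr:
                report["connects"].append((addr.group(1), int(port.group(1))))
    return report

if __name__ == "__main__":
    for key, items in triage(SAMPLE_TRACE).items():
        print(f"{key}: {items}")
```

On the sample log this flags a read of an SSH private key, a write to /etc/rc.conf outside the staging directory, and an outbound TCP connection to port 443, which is exactly the sort of behaviour the writer wanted assurance against.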