List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Robert Larson <robert@...>
Subject: Re: Running untrusted software
Date: Wed, 18 Jan 2006 10:14:48 -0600
On Wednesday 18 January 2006 08:58 am, Douglas Breault Jr wrote:
> Hello,
Hello!

> I am being forced to run software on my computer that I do not
> inherently trust. It is supposed to collect a few pieces of information,
> mainly my mac addresses and use the network. It is a one-time use CSA
> (client security agent). It uses a csh script to unpack a "proprietary
> binary" that we cannot see the source. There is no assurance it doesn't
> collect other information or change anything on my computer.
If I were in your shoes I would begin a forensic analysis.  You may use the 
commands strings and objdump against a binary executable, but if they are 
serious, these may elude you.  As well, if you can run the program freely or 
in a sandbox of some sort then you could use tools such as lsof, ltrace, 
strace, and tcpdump.

> I was curious as to what is the best way to handle this and situations
> like these. In this instance, I was assuming downloading, and running on
> a LiveCD would seem like the best policy. What if it uses methods to
> discover that and I need to run it on my real installation? Is a chroot
> jail the next best thing? As far as I know, to make a chroot jail I
> merely copy programs and libraries inside a folder with the proper /
> hierarchy and chroot into it. Is it more complex than this and are there
> any guides?
Perhaps a virtual server may be favorable...

A possible solution might be linux vserver.  It's a little bit of an advanced 
chroot.  This would respond with the proper MAC, and there would be some 
control on what it actually sees.  Here is info on vservers:
http://linux-vserver.org/short+presentation
http://www.gentoo.org/doc/en/vserver-howto.xml

UML (usermode linux) might be another possibility, and there's quite a bit 
along the lines of forensics support in the community as quite a few people 
use it for honeypots.  In taking this approach you could monitor the 
activities of the binary _very_ closely.

> --
> How do I know the past isn't fiction designed to account for the
> discrepancy between my immediate physical sensations and my state of mind?
Hehe, nice!

HTH,

Robert Larson
-- 
gentoo-security@g.o mailing list
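To make the "run it in a sandbox with strace and tcpdump" advice above concrete, here is an added shell example that is not part of this thread: it summarises an strace log of the installer into executed programs, files written, read-only opens outside an allowlist, and connect() targets. The capture command, the helper names, the /sys/class/net allowlist and the sample log lines are assumptions constructed for the example.

```shell
# Added example, not from the original thread: summarise an strace log of the
# untrusted installer so the post's two worries ("collect other information",
# "change anything") are answered from evidence. Assumed capture, run inside
# the throwaway chroot/vserver/UML guest the reply suggests:
#   strace -f -o csa.strace -e trace=file,network,process csh ./install.csh
# Each helper takes the log path and prints one item per line.

# Programs executed (execve) by the script and anything it spawns.
spawned_programs() {
    grep -E '^([0-9]+ +)?execve\(' "$1" \
      | sed -E 's/^[^"]*"([^"]*)".*/\1/' | LC_ALL=C sort -u
}

# Paths opened with write or create intent: the "change anything" question.
written_files() {
    grep -E '^([0-9]+ +)?open(at)?\(' "$1" | grep -E 'O_WRONLY|O_RDWR|O_CREAT' \
      | sed -E 's/^[^"]*"([^"]*)".*/\1/' | LC_ALL=C sort -u
}

# Read-only opens outside an allowlist regex ($2) of paths the tool has a
# reason to touch: the "collect other information" question.
unexpected_reads() {
    grep -E '^([0-9]+ +)?open(at)?\(' "$1" | grep -Ev 'O_WRONLY|O_RDWR|O_CREAT' \
      | sed -E 's/^[^"]*"([^"]*)".*/\1/' | grep -Ev "$2" | LC_ALL=C sort -u
}

# Remote IPv4 endpoints from connect(): where the "use the network" goes.
network_targets() {
    grep -E '^([0-9]+ +)?connect\(' "$1" \
      | sed -nE 's/.*sin_port=htons\(([0-9]+)\).*inet_addr\("([0-9.]+)"\).*/\2:\1/p' \
      | LC_ALL=C sort -u
}

# Constructed sample log in strace -f format (TEST-NET address), not a real capture.
LOG="${TMPDIR:-/tmp}/csa-sample.strace"
cat > "$LOG" <<'EOF'
12001 execve("/bin/csh", ["csh", "./install.csh"], [/* 20 vars */]) = 0
12001 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
12001 openat(AT_FDCWD, "/tmp/csa.bin", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
12002 execve("/tmp/csa.bin", ["/tmp/csa.bin"], [/* 20 vars */]) = 0
12002 openat(AT_FDCWD, "/sys/class/net/eth0/address", O_RDONLY) = 3
12002 openat(AT_FDCWD, "/root/.ssh/id_rsa", O_RDONLY) = 5
12002 openat(AT_FDCWD, "/etc/rc.local", O_WRONLY|O_APPEND) = 6
12002 connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
EOF
echo "== executed";         spawned_programs "$LOG"
echo "== written";          written_files "$LOG"
echo "== unexpected reads"; unexpected_reads "$LOG" '^/(sys/class/net|etc/ld\.so)'
echo "== connects";         network_targets "$LOG"
```

Against the sample log the report shows the unpacked binary being executed, a write to /etc/rc.local that a one-time MAC collector has no reason to make, and a read of /root/.ssh/id_rsa outside the allowlist; the same four helpers apply unchanged to a real capture.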


References:
Running untrusted software
-- Douglas Breault Jr