List Archive: gentoo-security
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=Windows-1252">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6603.0">
<TITLE>RE: [gentoo-security] Running untrusted software</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>A good host-based IDS (file integrity monitoring system) would record any system-level changes made. It should be fairly trivial to start off with a sterile environment prior to running your CSA and inspecting the environment afterwards.<BR>
<BR>
Try Tripwire or AIDE.<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: Douglas Breault Jr. on behalf of Douglas Breault Jr<BR>
Sent: Wed 1/18/2006 8:58 AM<BR>
To: gentoo-security@g.o<BR>
Cc: <BR>
Subject: [gentoo-security] Running untrusted software<BR>
<BR>
Hello,<BR>
<BR>
I am being forced to run software on my computer that I do not<BR>
inherently trust. It is supposed to collect a few pieces of information,<BR>
mainly my MAC addresses and use the network. It is a one-time use CSA<BR>
(client security agent). It uses a csh script to unpack a "proprietary<BR>
binary" that we cannot see the source. There is no assurance it doesn't<BR>
collect other information or change anything on my computer.<BR>
<BR>
I was curious as to what is the best way to handle this and situations<BR>
like these. In this instance, I was assuming downloading, and running on<BR>
a LiveCD would seem like the best policy. What if it uses methods to<BR>
discover that and I need to run it on my real installation? Is a chroot<BR>
jail the next best thing? As far as I know, to make a chroot jail I<BR>
merely copy programs and libraries inside a folder with the proper /<BR>
hierarchy and chroot into it. Is it more complex than this and are there<BR>
any guides?<BR>
<BR>
Any and all suggestions are welcome.<BR>
<BR>
Thank you,<BR>
Douglas Breault Jr.<BR>
<BR>
- --<BR>
How do I know the past isn't fiction designed to account for the discrepancy<BR>
between my immediate physical sensations and my state of mind?<BR>
<BR>
/~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net><BR>
\ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu)<BR>
X Against HTML Key fingerprint:<BR>
/ \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19<BR>
--<BR>
gentoo-security@g.o mailing list<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>