List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Brandon Edens <brandon@...>
Subject: Re: Running untrusted software
Date: Wed, 18 Jan 2006 11:28:22 -0500

On Wed, Jan 18, 2006 at 10:29:47AM -0500, Douglas Breault Jr wrote:

> I need to run this CSA in order to gain access to the network. I don't
> trust the network much either, but I am always using OpenVPN, which I
> trust completely. Currently I can access the network, and ergo my VPN
> without this, but after the 26th that all changes.
> 
> I will definitely look into grsec but it seems complicated. Regardless I
> require a viable solution and I will take the steps necessary,
> regardless of complication.

I've used grsec in the past (something like 1-2 years ago) and it wasn't that
complicated. I've also experimented with the hardened project running on a
multi-user server. We ran into issues with software breakage so we backed off.
I'm sure they've gotten lots of those problems fixed by now and might be quite
useful in a hostile environment. You could also explore machine virtualization,
i.e. Xen/"User Mode Linux". That'd give you the "clean room" environment needed to
explore what your binary might do during operation.

> Is there a way to try and trace what the binary wants to do? I'm aware I
> could run strace on it and ethereal to capture what it transmits... But
> is there more I can do?

Your basic tools for analyzing binaries are strace, ltrace, lsof, netcat,
strings. That binary is hopefully statically compiled so ltrace won't be as
useful. Definitely make sure to run strings on it and see if you can spot any
pertinent comments. You might get some use out of gdb if they left some
debugging symbols when compiling.

Brandon Edens

-- 
gentoo-security@g.o mailing list
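
Added example, not part of the original message or the archive: a static look at the ELF headers, without running the binary, shows which of the tools named above will pay off. It reports whether the file requests a dynamic loader (so ltrace can follow library calls), whether a symbol table survives for gdb, and which printable strings it carries. The function names, result fields and the sample image are assumptions constructed for illustration; only ELF64 little-endian is handled.

```python
import re
import struct

PT_LOAD, PT_INTERP, SHT_PROGBITS, SHT_SYMTAB = 1, 3, 1, 2  # ELF constants

def triage_elf(data: bytes, min_len: int = 6) -> dict:
    """Static first look at an ELF64 little-endian image, without running it."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    phoff, shoff = struct.unpack_from("<QQ", data, 32)
    phentsize, phnum, shentsize, shnum = struct.unpack_from("<HHHH", data, 54)
    interp = None
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from("<I", data, base)[0] == PT_INTERP:
            off, = struct.unpack_from("<Q", data, base + 8)     # p_offset
            size, = struct.unpack_from("<Q", data, base + 32)   # p_filesz
            interp = data[off:off + size].rstrip(b"\0").decode("ascii", "replace")
    sh_types = [struct.unpack_from("<I", data, shoff + i * shentsize + 4)[0]
                for i in range(shnum)]
    found = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)  # like strings(1)
    return {
        "interpreter": interp,                  # None: no dynamic loader requested
        "ltrace_useful": interp is not None,    # ltrace follows shared-library calls
        "has_symtab": SHT_SYMTAB in sh_types,   # .symtab is what strip removes
        "strings": [s.decode("ascii") for s in found],
    }

def constructed_elf(interp: bytes = b"", symtab: bool = False) -> bytes:
    """Constructed sample (not a real program): ELF header, 1 phdr, 1 shdr, data."""
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 2, 62, 1,
                       0, 64, 120, 0, 64, 56, 1, 64, 1, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else PT_LOAD, 4,
                       184, 0, 0, len(interp) + 1, len(interp) + 1, 1)
    shdr = struct.pack("<IIQQQQIIQQ", 0, SHT_SYMTAB if symtab else SHT_PROGBITS,
                       0, 0, 0, 0, 0, 0, 0, 0)
    return ehdr + phdr + shdr + interp + b"\0constructed sample: connect %s:%d\0"

if __name__ == "__main__":
    for label, image in [("static, stripped", constructed_elf()),
                         ("dynamic, with symbols",
                          constructed_elf(b"/lib64/ld-linux-x86-64.so.2", True))]:
        print(label, triage_elf(image))
```

On a real file, pass `open(path, "rb").read()` to `triage_elf`; reading the bytes does not execute anything, so this step can happen before the binary is ever started under strace or inside a virtual machine.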



Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
