List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
<div><span class="gmail_quote">On 1/18/06, <b class="gmail_sendername">Oliver Schad</b> <<a href="mailto:o.schad@...">o.schad@...</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr:<br>> I am being forced to run software on my computer that I do not
<br>> inherently trust. It is supposed to collect a few pieces of<br>> information, mainly my mac addresses and use the network. It is a<br>> one-time use CSA (client security agent). It uses a csh script to<br>> unpack a "proprietary binary" that we cannot see the source. There is
<br>> no assurance it doesn't collect other information or change anything<br>> on my computer.<br><br>If you don't trust this software don't use it in trusted environment<br>which includes trusted system and trusted network.
<br><br>> I was curious as to what is the best way to handle this and<br>> situations like these. In this instance, I was assuming downloading,<br>> and running on a LiveCD would seem like the best policy.<br><br>
Is your host in a trusted network?<br><br>> What if it<br>> uses methods to discover that and I need to run it on my real<br>> installation? Is a chroot jail the next best thing?<br><br>From a chroot environment you can easily escape on a standard kernel.
<br>Grsec offers a real chroot jail.</blockquote>
<div>Can you explain further please? How can an intruder bypass a chrooted enviroment *easilly*?</div><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> As far as I know,<br>> to make a chroot jail I merely copy programs and libraries inside a<br>> folder with the proper / hierarchy and chroot into it. Is it more
<br>> complex than this and are there any guides?<br><br># esearch jail<br><br>Best Regards<br>Oli<br><br>--<br><a href="mailto:firstname.lastname@example.org">email@example.com</a> mailing list<br><br></blockquote>
</div><br><br clear="all"><br>-- <br>Panagiotis