Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Panagiotis Atmatzidis <p.atmatzidis@...>
Subject: Re: Running untrusted software
Date: Sat, 21 Jan 2006 21:48:31 +0100
Hello,<br><br>
<div><span class="gmail_quote">On 1/18/06, <b class="gmail_sendername">Oliver Schad</b> &lt;<a href="mailto:o.schad@...">o.schad@...</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr:<br>&gt; I am being forced to run software on my computer that I do not
<br>&gt; inherently trust. It is supposed to collect a few pieces of<br>&gt; information, mainly my mac addresses and use the network. It is a<br>&gt; one-time use CSA (client security agent). It uses a csh script to<br>&gt; unpack a &quot;proprietary binary&quot; that we cannot see the source. There is
<br>&gt; no assurance it doesn't collect other information or change anything<br>&gt; on my computer.<br><br>If you don't trust this software don't use it in trusted environment<br>which includes trusted system and trusted network.
<br><br>&gt; I was curious as to what is the best way to handle this and<br>&gt; situations like these. In this instance, I was assuming downloading,<br>&gt; and running on a LiveCD would seem like the best policy.<br><br>
Is your host in a trusted network?<br><br>&gt; What if it<br>&gt; uses methods to discover that and I need to run it on my real<br>&gt; installation? Is a chroot jail the next best thing?<br><br>From a chroot environment you can easily escape on a standard kernel.
<br>Grsec offers a real chroot jail.</blockquote>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>Can you explain further please? How can an intruder bypass a chrooted enviroment *easilly*?</div><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">&gt; As far as I know,<br>&gt; to make a chroot jail I merely copy programs and libraries inside a<br>&gt; folder with the proper / hierarchy and chroot into it. Is it more
<br>&gt; complex than this and are there any guides?<br><br># esearch jail<br><br>Best Regards<br>Oli<br><br>--<br><a href="mailto:gentoo-security@g.o">gentoo-security@g.o</a> mailing list<br><br></blockquote>
</div><br><br clear="all"><br>-- <br>Panagiotis 
References:
Running untrusted software
-- Douglas Breault Jr
Re: Running untrusted software
-- Oliver Schad
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Running untrusted software
Next by thread:
Re: Running untrusted software
Previous by date:
Re: Running untrusted software
Next by date:
invalid section : "db"


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.