Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Douglas Breault Jr <GenKreton@...>
Subject: Running untrusted software
Date: Wed, 18 Jan 2006 09:58:23 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello,

I am being forced to run software on my computer that I do not
inherently trust. It is supposed to collect a few pieces of information,
mainly my mac addresses and use the network. It is a one-time use CSA
(client security agent). It uses a csh script to unpack a "proprietary
binary" that we cannot see the source. There is no assurance it doesn't
collect other information or change anything on my computer.

I was curious as to what is the best way to handle this and situations
like these. In this instance, I was assuming downloading, and running on
a LiveCD would seem like the best policy. What if it uses methods to
discover that and I need to run it on my real installation? Is a chroot
jail the next best thing? As far as I know, to make a chroot jail I
merely copy programs and libraries inside a folder with the proper /
hierarchy and chroot into it. Is it more complex than this and are there
any guides?

Any and all suggestions are welcome.

Thank you,
Douglas Breault Jr.

- --
How do I know the past isn't fiction designed to account for the discrepancy
between my immediate physical sensations and my state of mind?

/~\ The ASCII        Douglas Breault Jr. <GenKreton at comcast dot net>
\ / Ribbon Campaign  GnuPG public key ID: C4E44A19 (pgp.mit.edu)
 X  Against HTML     Key fingerprint:
/ \ Email!           21C3 F37D A8F5 1955 05F2  9A69 92A0 C177 C4E4 4A19
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzleMkqDBd8TkShkRA1l4AKC2W54KDDwSN9MXKzodtN+v917BHgCfVsZJ
TPF6ZYn/ynJ5F9HZ45EtuPs=
=yPaH
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list


Replies:
Re: Running untrusted software
-- Robert Larson
Re: Running untrusted software
-- Robert Larson
Re: Running untrusted software
-- Oliver Schad
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[no subject]
Next by thread:
Re: Running untrusted software
Previous by date:
Re:
Next by date:
Re: Running untrusted software


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.