Gentoo Archives: gentoo-security

From: Brandon Edens <brandon@××××××.edu>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 16:38:53
In Reply to: Re: [gentoo-security] Running untrusted software by Douglas Breault Jr
2 Hash: SHA1
4 On Wed, Jan 18, 2006 at 10:29:47AM -0500, Douglas Breault Jr wrote:
6 > I need to run this CSA in order to gain access to the network. I don't
7 > trust the network much either, but I am always using OpenVPN, which I
8 > trust completely. Currently I can access the network, and ergo my vpn
9 > without this, but after the 26th that all changes.
10 >
11 > I will definitely look into grsec but it seems complicated. Regardless I
12 > require a viable solution and I will take the steps necessary,
13 > regardless of complication.
15 I've used grsec in the past (something like 1-2 years ago) and it wasn't that
16 complicated. I've also experimented with the hardened project running on a
17 multi-user server. We ran into issues with software breakage so we backed off.
18 I'm sure they've gotten lots of those problems fixed by now and might be quite
19 useful in a hostile environment. You could also explore machine virtualization,
20 ie Xen/"User Mode Linux". That'd give you the "clean room" environment needed to
21 explore what your binary might do during operation.
23 > Is there a way to try and trace what the binary wants to do? I'm aware i
24 > could run strace on it and ethereal to capture what it transmits... But
25 > is there more I can do?
27 Your basic tools for analyzing binaries are strace, lstrace, lsof, netcat,
28 strings. That binary is hopefully statically compiled so ltrace won't be as
29 useful. Definitely make sure to run strings on it and see if you can spot any
30 pertinent comments. You might get some use out of gdb if they left some
31 debugging symbols when compiling.
33 Brandon Edens
35 Version: GnuPG v1.4.2 (GNU/Linux)
37 iD8DBQFDzmym4fsYS1VDj0gRAnXoAKCas91U0nGckitZeLhPUlDdVnVhNACfWxbt
38 1CqzJdp64x0aDOI/QXjUTVo=
39 =ahLf
40 -----END PGP SIGNATURE-----
42 --
43 gentoo-security@g.o mailing list