1 |
Hello, |
2 |
|
3 |
On 1/18/06, Oliver Schad <o.schad@×××.de> wrote: |
4 |
> |
5 |
> Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr: |
6 |
> > I am being forced to run software on my computer that I do not |
7 |
> > inherently trust. It is supposed to collect a few pieces of |
8 |
> > information, mainly my mac addresses and use the network. It is a |
9 |
> > one-time use CSA (client security agent). It uses a csh script to |
10 |
> > unpack a "proprietary binary" that we cannot see the source. There is |
11 |
> > no assurance it doesn't collect other information or change anything |
12 |
> > on my computer. |
13 |
> |
14 |
> If you don't trust this software don't use it in trusted environment |
15 |
> which includes trusted system and trusted network. |
16 |
> |
17 |
> > I was curious as to what is the best way to handle this and |
18 |
> > situations like these. In this instance, I was assuming downloading, |
19 |
> > and running on a LiveCD would seem like the best policy. |
20 |
> |
21 |
> Is your host in a trusted network? |
22 |
> |
23 |
> > What if it |
24 |
> > uses methods to discover that and I need to run it on my real |
25 |
> > installation? Is a chroot jail the next best thing? |
26 |
> |
27 |
> From a chroot environment you can easily escape on a standard kernel. |
28 |
> Grsec offers a real chroot jail. |
29 |
|
30 |
|
31 |
|
32 |
Can you explain further please? How can an intruder bypass a chrooted |
33 |
enviroment *easilly*? |
34 |
|
35 |
> As far as I know, |
36 |
> > to make a chroot jail I merely copy programs and libraries inside a |
37 |
> > folder with the proper / hierarchy and chroot into it. Is it more |
38 |
> > complex than this and are there any guides? |
39 |
> |
40 |
> # esearch jail |
41 |
> |
42 |
> Best Regards |
43 |
> Oli |
44 |
> |
45 |
> -- |
46 |
> gentoo-security@g.o mailing list |
47 |
> |
48 |
> |
49 |
|
50 |
|
51 |
-- |
52 |
Panagiotis |