| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: RIPEMD160 |
| 3 |
|
| 4 |
I need to run this CSA in order to gain access to the network. I don't |
| 5 |
trust the network much either, but I am always using OpenVPN, which I |
| 6 |
trust completely. Currently I can access the network, and ergo my vpn |
| 7 |
without this, but after the 26th that all changes. |
| 8 |
|
| 9 |
I will definitely look into grsec but it seems complicated. Regardless I |
| 10 |
require a viable solution and I will take the steps necessary, |
| 11 |
regardless of complication. |
| 12 |
|
| 13 |
Is there a way to try and trace what the binary wants to do? I'm aware i |
| 14 |
could run strace on it and ethereal to capture what it transmits... But |
| 15 |
is there more I can do? |
| 16 |
|
| 17 |
Thanks, |
| 18 |
Douglas Breault Jr. |
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
Oliver Schad wrote: |
| 23 |
> Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr: |
| 24 |
>> I am being forced to run software on my computer that I do not |
| 25 |
>> inherently trust. It is supposed to collect a few pieces of |
| 26 |
>> information, mainly my mac addresses and use the network. It is a |
| 27 |
>> one-time use CSA (client security agent). It uses a csh script to |
| 28 |
>> unpack a "proprietary binary" that we cannot see the source. There is |
| 29 |
>> no assurance it doesn't collect other information or change anything |
| 30 |
>> on my computer. |
| 31 |
> |
| 32 |
> If you don't trust this software don't use it in trusted environment |
| 33 |
> which includes trusted system and trusted network. |
| 34 |
> |
| 35 |
>> I was curious as to what is the best way to handle this and |
| 36 |
>> situations like these. In this instance, I was assuming downloading, |
| 37 |
>> and running on a LiveCD would seem like the best policy. |
| 38 |
> |
| 39 |
> Is your host in a trusted network? |
| 40 |
> |
| 41 |
>> What if it |
| 42 |
>> uses methods to discover that and I need to run it on my real |
| 43 |
>> installation? Is a chroot jail the next best thing? |
| 44 |
> |
| 45 |
>>From a chroot environment you can easily escape on a standard kernel. |
| 46 |
> Grsec offers a real chroot jail. |
| 47 |
> |
| 48 |
>> As far as I know, |
| 49 |
>> to make a chroot jail I merely copy programs and libraries inside a |
| 50 |
>> folder with the proper / hierarchy and chroot into it. Is it more |
| 51 |
>> complex than this and are there any guides? |
| 52 |
> |
| 53 |
> # esearch jail |
| 54 |
> |
| 55 |
> Best Regards |
| 56 |
> Oli |
| 57 |
> |
| 58 |
|
| 59 |
|
| 60 |
- -- |
| 61 |
How do I know the past isn't fiction designed to account for the discrepancy |
| 62 |
between my immediate physical sensations and my state of mind? |
| 63 |
|
| 64 |
/~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net> |
| 65 |
\ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu) |
| 66 |
X Against HTML Key fingerprint: |
| 67 |
/ \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19 |
| 68 |
-----BEGIN PGP SIGNATURE----- |
| 69 |
Version: GnuPG v1.4.2 (GNU/Linux) |
| 70 |
|
| 71 |
iD8DBQFDzl7okqDBd8TkShkRAyY9AKDfJlalc++hxQO7C2c05UWquNfZxACg1h56 |
| 72 |
Z3g7bxK1AowT9FL+B2mXq0c= |
| 73 |
=rmk5 |
| 74 |
-----END PGP SIGNATURE----- |
| 75 |
-- |
| 76 |
gentoo-security@g.o mailing list |
Archives