Gentoo Archives: gentoo-security

From: Douglas Breault Jr <GenKreton@×××××××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 15:10:45
2 Hash: RIPEMD160
4 Hello,
6 I am being forced to run software on my computer that I do not
7 inherently trust. It is supposed to collect a few pieces of information,
8 mainly my mac addresses and use the network. It is a one-time use CSA
9 (client security agent). It uses a csh script to unpack a "proprietary
10 binary" that we cannot see the source. There is no assurance it doesn't
11 collect other information or change anything on my computer.
13 I was curious as to what is the best way to handle this and situations
14 like these. In this instance, I was assuming downloading, and running on
15 a LiveCD would seem like the best policy. What if it uses methods to
16 discover that and I need to run it on my real installation? Is a chroot
17 jail the next best thing? As far as I know, to make a chroot jail I
18 merely copy programs and libraries inside a folder with the proper /
19 hierarchy and chroot into it. Is it more complex than this and are there
20 any guides?
22 Any and all suggestions are welcome.
24 Thank you,
25 Douglas Breault Jr.
27 - --
28 How do I know the past isn't fiction designed to account for the discrepancy
29 between my immediate physical sensations and my state of mind?
31 /~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net>
32 \ / Ribbon Campaign GnuPG public key ID: C4E44A19 (
33 X Against HTML Key fingerprint:
34 / \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19
36 Version: GnuPG v1.4.2 (GNU/Linux)
38 iD8DBQFDzleMkqDBd8TkShkRA1l4AKC2W54KDDwSN9MXKzodtN+v917BHgCfVsZJ
39 TPF6ZYn/ynJ5F9HZ45EtuPs=
40 =yPaH
41 -----END PGP SIGNATURE-----
42 --
43 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Running untrusted software Oliver Schad <o.schad@×××.de>
Re: [gentoo-security] Running untrusted software Robert Larson <robert@×××××××××.com>
Re: [gentoo-security] Running untrusted software Robert Larson <robert@×××××××××.com>