Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 15:25:01
In Reply to: [gentoo-security] Running untrusted software by Douglas Breault Jr
1 Am Mittwoch, 18. Januar 2006 15:58 schrieb mir Douglas Breault Jr:
2 > I am being forced to run software on my computer that I do not
3 > inherently trust. It is supposed to collect a few pieces of
4 > information, mainly my mac addresses and use the network. It is a
5 > one-time use CSA (client security agent). It uses a csh script to
6 > unpack a "proprietary binary" that we cannot see the source. There is
7 > no assurance it doesn't collect other information or change anything
8 > on my computer.
10 If you don't trust this software don't use it in trusted environment
11 which includes trusted system and trusted network.
13 > I was curious as to what is the best way to handle this and
14 > situations like these. In this instance, I was assuming downloading,
15 > and running on a LiveCD would seem like the best policy.
17 Is your host in a trusted network?
19 > What if it
20 > uses methods to discover that and I need to run it on my real
21 > installation? Is a chroot jail the next best thing?
23 >From a chroot environment you can easily escape on a standard kernel.
24 Grsec offers a real chroot jail.
26 > As far as I know,
27 > to make a chroot jail I merely copy programs and libraries inside a
28 > folder with the proper / hierarchy and chroot into it. Is it more
29 > complex than this and are there any guides?
31 # esearch jail
33 Best Regards
34 Oli
36 --
37 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Running untrusted software Douglas Breault Jr <GenKreton@×××××××.net>
Re: [gentoo-security] Running untrusted software Panagiotis Atmatzidis <p.atmatzidis@×××××.com>