-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello,
I am being forced to run software on my computer that I do not inherently trust. It is supposed to collect a few pieces of information, mainly my mac addresses and use the network. It is a one-time use CSA (client security agent). It uses a csh script to unpack a "proprietary binary" that we cannot see the source. There is no assurance it doesn't collect other information or change anything on my computer. I was curious as to what is the best way to handle this and situations like these. In this instance, I was assuming downloading, and running on a LiveCD would seem like the best policy. What if it uses methods to discover that and I need to run it on my real installation? Is a chroot jail the next best thing? As far as I know, to make a chroot jail I merely copy programs and libraries inside a folder with the proper / hierarchy and chroot into it. Is it more complex than this and are there any guides? Any and all suggestions are welcome. Thank you, Douglas Breault Jr. - -- How do I know the past isn't fiction designed to account for the discrepancy between my immediate physical sensations and my state of mind? /~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net> \ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu) X Against HTML Key fingerprint: / \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDzleMkqDBd8TkShkRA1l4AKC2W54KDDwSN9MXKzodtN+v917BHgCfVsZJ TPF6ZYn/ynJ5F9HZ45EtuPs= =yPaH -----END PGP SIGNATURE----- -- gentoo-security@gentoo.org mailing list
