A good host-based IDS (file integrity monitoring system) would record any system-level changes made. It should be fairly trivial to start off with a sterile environment prior to running your CSA and inspecting the environment afterwards.
Try Tripwire or AIDE.
-----Original Message-----
From: Douglas Breault Jr. on behalf of Douglas Breault Jr
Sent: Wed 1/18/2006 8:58 AM
To: gentoo-security@lists.gentoo.org
Cc:
Subject: [gentoo-security] Running untrusted software
Hello,
I am being forced to run software on my computer that I do not
inherently trust. It is supposed to collect a few pieces of information,
mainly my mac addresses and use the network. It is a one-time use CSA
(client security agent). It uses a csh script to unpack a "proprietary
binary" that we cannot see the source. There is no assurance it doesn't
collect other information or change anything on my computer.
I was curious as to what is the best way to handle this and situations
like these. In this instance, I was assuming downloading, and running on
a LiveCD would seem like the best policy. What if it uses methods to
discover that and I need to run it on my real installation? Is a chroot
jail the next best thing? As far as I know, to make a chroot jail I
merely copy programs and libraries inside a folder with the proper /
hierarchy and chroot into it. Is it more complex than this and are there
any guides?
Any and all suggestions are welcome.
Thank you,
Douglas Breault Jr.
- --
How do I know the past isn't fiction designed to account for the discrepancy
between my immediate physical sensations and my state of mind?
/~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net>
\ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu)
X Against HTML Key fingerprint:
/ \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19
RE: [gentoo-security] Running untrusted software
Johnson, Maurice E CTR NSWCDL-K74 Wed, 18 Jan 2006 07:33:47 -0800
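The before/after comparison suggested in the reply above, as an added example that is not part of the original thread and is not how Tripwire or AIDE are implemented: it baselines a directory tree, then reports which paths were added, removed or changed. The names `snapshot`, `compare` and `demo`, the scratch tree and the simulated changes are all constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each path under root to (type, mode, uid, gid, content digest)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe symlinks, never follow them
            content = None  # directories, FIFOs, devices: metadata only
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    content = hashlib.sha256(fh.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                content = os.readlink(path)
            state[os.path.relpath(path, root)] = (stat.S_IFMT(st.st_mode),
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
    return state

def compare(before, after):
    """Return the paths added, removed or changed between two snapshots."""
    old, new = set(before), set(after)
    changed = sorted(p for p in old & new if before[p] != after[p])
    return {"added": sorted(new - old), "removed": sorted(old - new),
            "changed": changed}

def demo():
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        put("etc/hosts", b"127.0.0.1 localhost\n")
        put("bin/tool", b"#!/bin/sh\n", 0o755)
        put("tmp/old.log", b"x\n")
        before = snapshot(root)  # baseline of the clean environment
        # Constructed stand-ins for what an untrusted program might do:
        put("etc/hosts", b"10.0.0.1 example.invalid\n")  # content changed
        os.chmod(os.path.join(root, "bin/tool"), 0o777)   # mode changed
        os.remove(os.path.join(root, "tmp/old.log"))      # file removed
        put(".cache/agent.dat", b"data")                  # new dir and file
        return compare(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

For a real check, store the baseline somewhere the untrusted program cannot write, since a snapshot kept inside the monitored environment can be altered along with it.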