[clue] tonido
Jason Friedman
jason at powerpull.net
Thu Oct 4 11:16:19 MDT 2012
>> The download is a .deb file. Can this be installed as someone other
>> than root? If not, how does one evaluate the entity providing the
>> download ... how would I know who to trust?
>
> You don't know who to trust, nor can you. :-)

What concerns me most is that installing will create a rogue process.
I know I can use "ps" to examine processes, but I also suppose that
installing this software could replace my "ps" with the attacker's
version.

I was thinking that, before I installed this package, I would take an
md5sum of the ps executable and a snapshot of a ps output. After
installing I would check the md5sum and, assuming it matched the
previous output, check my ps listing. If nothing new was running then
I could be reasonably certain nothing bad happened.

Make sense?
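
The before/after check described in the message above, as an added example that is not part of the original post. It uses sha256sum in place of the md5sum the message mentions, and the function names and state-directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# state-directory layout are hypothetical.

# Record SHA-256 hashes of the given files in DIR/hashes.
save_hashes() {
    dir=$1; shift
    mkdir -p "$dir"
    sha256sum "$@" > "$dir/hashes"
}

# Print each file whose current hash differs from the baseline (or is missing).
changed_files() {
    LC_ALL=C sha256sum -c --quiet "$1/hashes" 2>/dev/null |
        sed -n 's/: FAILED.*$//p'
}

# Sorted, de-duplicated command names of all running processes.
proc_names() {
    ps -eo comm= | LC_ALL=C sort -u
}

# Print names present in the AFTER list but absent from the BEFORE list.
new_procs() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Usage: script baseline DIR   (before installing)
#        script check DIR      (after installing)
case "${1:-}" in
baseline)
    save_hashes "$2" "$(command -v ps)" "$(command -v sha256sum)"
    proc_names > "$2/procs"
    ;;
check)
    proc_names > "$2/procs.after"
    changed=$(changed_files "$2")
    added=$(new_procs "$2/procs" "$2/procs.after")
    if [ -n "$changed" ]; then printf 'hash changed:\n%s\n' "$changed"; fi
    if [ -n "$added" ]; then printf 'new process names:\n%s\n' "$added"; fi
    [ -z "$changed$added" ]
    ;;
esac
```

Keep the state directory somewhere the package cannot write to, because a .deb's maintainer scripts run as root during installation. A clean result only shows that the hashed files and the set of visible process names are unchanged.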