[clue] tonido

David L. Anselmi anselmi at anselmi.us
Thu Oct 4 18:55:30 MDT 2012


Jason Friedman wrote:
>>> The download is a .deb file.  Can this be installed as someone other
>>> than root?  If not, how does one evaluate the entity providing the
>>> download ... how would I know who to trust?
>>
>> You don't know who to trust, nor can you. :-)
>
> but I also suppose that installing this software could replace my "ps" with the attacker's
> version.
[...]
> I was thinking that, before I installed this package, I would take an
> md5sum of the ps executable and a snapshot of a ps output.

Sure, unless they replace your md5sum too.  And installing as non-root doesn't help because they've 
included an exploit to get root as well.

If you're worried about any of that, don't use the software.  It doesn't seem to be Free so it isn't 
that interesting anyway.  Or if you insist, use an isolated machine on an instrumented network (it's 
easier to identify misbehavior from the outside I think).  At least run it in a VM that doesn't 
contain anything you care about.

Rather than worry about what the software might do to you, go have a look at their user community. 
Are they happy with it?  Any complaints?  Anyone bright enough to think about malware and notice 
unusual behavior?  Is there enough detail about their protocol that you could understand whether it 
is behaving correctly?

Dave
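
Added example, not part of the post above and not code from anyone in the thread: a .deb can be read as an ordinary user before anything is installed, which shows the maintainer scripts dpkg would run as root and whether the payload contains paths such as ps or md5sum. The function names, the default watch list and the sample package are constructed for illustration; a clean report shows only what the package declares, not what its binaries do once run.

```python
import io, posixpath, tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}  # dpkg runs these as root

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that a .deb is."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] magic[2]
        size = int(hdr[48:58])
        yield hdr[:16].decode().strip().rstrip("/"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are 2-byte aligned

def audit_deb(blob, watch=("bin/ps", "usr/bin/md5sum")):
    """Report maintainer scripts, set-id files and watched paths without installing."""
    report = {"scripts": [], "setid": [], "watched": []}
    for name, data in ar_members(blob):
        if not name.startswith(("control.tar", "data.tar")):
            continue  # skips the debian-binary version member
        # "r:*" auto-detects gz/bz2/xz; .zst members need a Python with zstd support
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar.getmembers():
                path = posixpath.normpath(m.name).lstrip("/")
                if name.startswith("control.tar") and path in SCRIPTS:
                    report["scripts"].append(path)
                elif name.startswith("data.tar") and m.isfile():
                    if m.mode & 0o6000:  # setuid or setgid bit
                        report["setid"].append(path)
                    if path in watch:
                        report["watched"].append(path)
    return report

def _tar(entries):  # helper that builds the constructed sample only
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, mode, body in entries:
            info = tarfile.TarInfo(path)
            info.mode, info.size = mode, len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def sample_deb():  # constructed package: a postinst, a bin/ps, one setuid file
    ctl = _tar([("./control", 0o644, b"Package: demo\n"), ("./postinst", 0o755, b"#!/bin/sh\n")])
    dat = _tar([("./bin/ps", 0o755, b"x"), ("./usr/bin/demo", 0o4755, b"y")])
    parts = [(b"debian-binary", b"2.0\n"), (b"control.tar.gz", ctl), (b"data.tar.gz", dat)]
    return b"!<arch>\n" + b"".join(
        b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (n, 0, 0, 0, b"100644", len(d)) + d + b"\n" * (len(d) & 1)
        for n, d in parts)
```

For a real download, pass the file's bytes: `audit_deb(open(path, "rb").read())`.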