LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   locking don't a binary program someone else wrote and compiled (https://www.linuxquestions.org/questions/linux-security-4/locking-dont-a-binary-program-someone-else-wrote-and-compiled-4175675545/)

Skaperen 05-19-2020 03:34 PM
locking don't a binary program someone else wrote and compiled
 
i need to run a program someone else wrote and compiled. i'm going to run it in its own userid. i'm still worried what it might do there. my greatest worry is about it doing something stealthy like send some info about me to its home server which it will be talking to. so my first concern is limiting what it can read. as the only user i have not locked down user reading that much. but, i guess i need to do that, now. i'm not worried so much about it trying to crash my system, because i'd know something happened. any suggestions that could shorten my work? i'm on Xubuntu 18.04 LTS with plans to upgrade to 20.04 next month.

edit:

the subject should be s/don't/down/

shruggy 05-19-2020 03:37 PM
LXC? Or, if LXC seems too much for this, just a chroot jail? Firejail is packaged for Ubuntu.

Skaperen 05-21-2020 01:24 PM
i think i can build a chroot jail for it. it needs lots of libraries but i have built a full replica with a /home subset before. i'll just try it, again.

Keith Hedger 05-21-2020 02:29 PM
just run it on a virtual machine.


All times are GMT -5. The time now is 04:17 AM.