Sometimes I have to use some proprietary software which I don't trust, or even pre-compiled open source software which I don't know whether it has been compiled from its source as published.
Let's say we installed a proprietary application in /opt/software, then we run it as a normal user (without sudo, gksudo, etc.).
- I know that when we run a program it is able to connect to the Internet, monitor X, keystrokes, collect user data and so on.
- It can't change anything important in the system or infect the system (because of the Linux permissions system).
- It is possible for the program to add some plug-in/extension to a user's browser (because browser profiles are available in the user's home directory).
- After closing the program and rebooting it can't do anything anymore. Wrong, because:
  - The program can add itself to a shell/file/directory which does the autostart process, so it will run at any login.
  - If we consider the autostart process clean, without rebooting there is a chance that a process of the program is still active.
- Programs can delete or modify any file in the user's home directory (or any other file which the user has write permission to).
So what should we do?
- I think the only safe way to run a proprietary program is running it as another user.
- If running the program as another user is somehow not possible, then we should change the autostart files' permissions so only root can change them. Then, after closing the program, a reboot will do the job.
Am I right? Is there anything that I'm missing?
Running untrusted software as a new user is a good start, but it may not be enough.
A lot of files and devices you may consider sensitive are world-readable. Even as an unprivileged user, you can extract a lot of information out of a system (typically you can read `/etc` for a start). You may not have your own stuff configured properly. For instance, have you made absolutely sure that this "super-secret-passwords.txt" file is not readable by everyone? And what about this buggy piece of old software running as yourself or root - are you sure it's not writing anything sensitive to disk?
Code running as `nobody` can go on the internet and download tasks, execute code on your system. Sometimes a socket on your local system (a unix domain socket) used for inter process communication may not be secured properly (sometimes for good reason), and any process can read and write on it.
Practically, there are things you can do.
You can absolutely check that the program doesn't start anything at boot time. It'll be tedious and you need to understand your system really well though. There are lots of ways a service can be started automatically. (Note: if the program ever ran as root, all bets are off since it could have modified the init system to hide itself)
Top tips for running terrible software
If you can avoid it at all, don't run anything you can't trust. At least make sure you are making a sound trade-off. Complexity is the enemy of security. The only line of code that's guaranteed to be secure is the line you never run. :)
Setting up VMs is pretty easy (VirtualBox is great if you don't want to set up any virtualisation infrastructure). This means you'll have a machine that contains no sensitive data (you'd need to have put it there) and you can control the resources it uses. This doesn't give you complete protection of course (it could do things like flood your web server with requests, log in to your lightbulbs via telnet, and so on, plus bugs that let malicious software escape a virtual machine are not very common, but they do happen sometimes).
Containers (LXD, Docker) offer some security for running code on your local machine. They are not perfect. But an unprivileged container provides file system isolation for your program, which is something. Securing containers properly is an art and a science, but it's getting rapidly easier.
This is only slightly relevant to your question, but you can sometimes avoid running old, terrible software, or software that is just complex and difficult to secure properly, by using a third party service. Email is a good example of this. I would not trust myself to have the patience and spare time to host and maintain my own email server. It's a lot of work to keep things like this secure.
As a last resort, and if you feel the trade-off is worth it, run the program with a new user account specially created for that purpose. I do this with software I trust.
Option 1 is the best. :)
General advice
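As an added example (not code from the question or the answer above), here is a POSIX shell script that does the before/after check the answer recommends: it snapshots the user-level autostart hooks in a dedicated account's home directory before the untrusted program runs, reports any hook that was added or modified afterwards, and lists files in that home directory that every user on the system can read. The autostart paths, the account name `untrusted`, the script name `audit.sh` and the sample file names are assumptions for a typical Linux desktop; the checks use only POSIX tools (`find`, `cksum`, `comm`, `cmp`).

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Audits a home directory for the things discussed above: which user-level
# autostart hooks exist, whether they changed while an untrusted program ran,
# and which files are world-readable. The hook paths are assumptions about a
# typical Linux desktop layout; extend the lists for your distribution.
#
# Assumed workflow with a dedicated, unprivileged account:
#   sudo useradd -m -s /bin/sh untrusted
#   sh audit.sh --snapshot /home/untrusted > baseline.txt
#   sudo -u untrusted /opt/software/program
#   sh audit.sh --check baseline.txt /home/untrusted

# Print every user-level autostart hook that exists under home directory $1.
list_autostart_files() {
  home="$1"
  {
    for f in "$home/.bashrc" "$home/.bash_profile" "$home/.profile" \
             "$home/.xprofile" "$home/.xsessionrc" "$home/.xinitrc"; do
      if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
    for d in "$home/.config/autostart" "$home/.config/systemd/user"; do
      if [ -d "$d" ]; then find "$d" -type f; fi
    done
  } | sort
}

# Print one checksum line per hook ("crc size path"). cksum is only a change
# detector; swap in sha256sum if you need a tamper-resistant baseline.
snapshot_autostart() {
  list_autostart_files "$1" | while IFS= read -r f; do
    cksum "$f"
  done
}

# Exit 0 only when the hooks under home $2 match the baseline file $1.
autostart_unchanged() {
  snapshot_autostart "$2" | cmp -s "$1" -
}

# Print the paths of hooks that are new or modified compared to baseline $1.
changed_autostart() {
  tmp=$(mktemp)
  snapshot_autostart "$2" | sort > "$tmp"
  # comm -13: lines only in the current snapshot, i.e. added or edited hooks.
  sort "$1" | comm -13 - "$tmp" | cut -d' ' -f3-
  rm -f "$tmp"
}

# Print regular files under $1 that any user on the system can read (o+r).
find_world_readable() {
  find "$1" -type f -perm -004 | sort
}

# Print processes still running as user $1 after the program was "closed".
lingering_processes() {
  ps -u "$1" -o pid= -o comm=
}

case "${1:-}" in
  --snapshot) snapshot_autostart "$2" ;;
  --check)
    echo "== autostart hooks added or modified since baseline =="
    changed_autostart "$2" "$3"
    echo "== world-readable files under $3 =="
    find_world_readable "$3" ;;
esac
```

Run the `--snapshot` step before launching the program and `--check` after you have closed it (and, per the question's own point, after confirming with `lingering_processes untrusted` that nothing is still running). Making the hook files root-owned, as the question suggests, stops the program from editing them but not from creating new ones in `~/.config/autostart`, which is why the snapshot also walks that directory.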