2024 Avtor: Peter John Melton | [email protected]. Nazadnje spremenjeno: 2023-12-16 04:45
Današnja seja vprašanj in odgovorov se nam je zahvalila SuperUserju, ki je razdeljena na Stack Exchange, skupinsko spletno stran Q & A.
Vprašanje
Čitalnik SuperUserja Emanuele želi vedeti, kako varno zaženiti nezanesljivo izvršljivo datoteko na Linuxu:
I have downloaded an executable file compiled by a third party and I need to run it on my system (Ubuntu Linux 16.04, x64) with full access to HW resources such as the CPU and GPU (through the NVIDIA drivers).
Suppose this executable file contains a virus or backdoor, how should I run it? Should I create a new user profile, run it, then delete the user profile?
Kako varno upravljate nezanesljivo izvršljivo datoteko na Linuxu?
Odgovor
Odgovorni za SuperUser Shiki in Emanuele imajo odgovor za nas. Najprej, Shiki:
First and foremost, if it is a very high risk binary file, you would have to set up an isolated physical machine, run the binary file, then physically destroy the hard drive, the motherboard, and basically all the rest because in this day and age, even your robot vacuum can spread malware. And what if the program already infected your microwave through the computer’s speakers using high-frequency data transmitting?!
But let’s take off that tinfoil hat and jump back to reality for a bit.
No Virtualization – Quick to Use
Firejail
I had to run a similar untrusted binary file just a few days ago and my search led to this very cool small program. It is already packaged for Ubuntu, very small, and has virtually no dependencies. You can install it on Ubuntu using: sudo apt-get install firejail
Package info:
Virtualization
KVM or Virtualbox
This is the safest bet depending on the binary, but hey, see above. If it has been sent by “Mr. Hacker” who is a black belt, black hat programmer, there is a chance that the binary can escape a virtualized environment.
Malware Binary – Cost Saver Method
Rent a virtual machine! For example, virtual server providers like Amazon (AWS), Microsoft (Azure), DigitalOcean, Linode, Vultr, and Ramnode. You rent the machine, run whatever you need, then they will wipe it out. Most of the bigger providers bill by the hour, so it really is cheap.
Sledi odgovor Emanueleja:
A word of caution. Firejail is OK, but one has to be extremely careful in specifying all the options in terms of the blacklist and whitelist. By default, it does not do what is cited in this Linux Magazine article. Firejail’s author has also left some comments about known issues at Github.
Be extremely careful when you use it, it might give you a false sense of security without the right options.
Imate kaj dodati k razlagi? Zvok v komentarjih. Želite prebrati več odgovorov od drugih uporabniških članov stack Exchange? Oglejte si celotno temo za razpravo tukaj.
Podoba slike: Prison Cell Clip Art (Clker.com)
Priporočena:
Kako hitro ustvariti besedilno datoteko s pomočjo ukazne vrstice v Linuxu
Če ste oseba s tipkovnico, lahko dosežete veliko stvari samo z ukazno vrstico Linux. Na primer, obstaja nekaj enostavnih metod za ustvarjanje besedilnih datotek, če bi to morali storiti.
Katere aplikacije lahko dejansko zaženete na Linuxu?
Chromebooki zdaj lahko uporabljajo programe za namizne računalnike v Linuxu in svojim uporabnikom Chrome OS ponujajo povsem novo vesolje programske opreme. Lahko tudi namestite Linux distribucijo, kot je Ubuntu na vašem računalniku. Toda katere aplikacije so na voljo za Linux?
Kako narediti Zip datoteko z istim imenom kot izbrano datoteko
Če za ustvarjanje zip datotek uporabljate stisnjene mape vgrajene v Windows, ste morda opazili, da ustvarja datoteko z istim imenom kot izbrano datoteko, kar postane čudno, ko izberete več datotek. Kako izbrati pravo ime.
Kakšna je razlika med samostojno in nameščeno izvršljivo datoteko?
Čeprav je večina od nas zadovoljna, da gredo z »preizkušenim in resničnim« procesom namestitve izvršljivih datotek za najljubšo programsko opremo, ali je to res potrebno? Ali lahko dejansko izvlečemo te iste izvršne datoteke namesto jih namestimo in jih vodimo enako kot samostojni bratranci?
Kako varno in varno odstraniti stare računalnike
Računalniki vsebujejo podatke, ki se lahko uporabljajo proti vam. Članek razlaga, kako preoblikovati ali odstraniti stare računalnike brez strahu pred krajo podatkov.