[mvanotti]

Thanks :)

Actually, this lib needs root access in the computer. It is intended to be used as a module in MIG (Mozilla InvestiGator), which is an agent that lives in servers and can receive commands.. So it is mostly the same, I think, except that the commands shouldn't return detailed information to the main server, but just yes/no answers, for example: "Is any of my servers running a vulnerable OpenSSL Version?"

Link to Mozilla Blog Post: https://blog.mozilla.org/security/2015/03/12/introducing-mas...

There's still a lot of work to do!

[zobzu]

yes what I meant is that MIG doesn't seem to give root access to the "investigator" through this. Of course the tool has to run as root.

GRR/osquery will actually let you run arbitrary code remotely.

[jvehent]

You are correct: MIG is designed to prevent a rogue investigator from executing random commands on systems. We do so by filtering what agents can run through modules, and by requiring OpenPGP signatures on all actions ran.

Even if the MIG platform is compromised, agents and systems are safe, as long as the keys of authorized investigators (kept on their laptops) are not compromised.