Why I don't like running as root (in Puppy)

For discussions about security.
Message
Author
User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#81 Post by trapster »

(paranoid)
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#82 Post by Pizzasgood »

O.K., so you keep all the stuff that's important to you in your $HOME directory anyway. So if someone gets to your user it's gone, anyway. Well, a) you do backup right? and b) if the rest of your system is intact, recovery is simpler - because you do backup right?
I use Puppy as a Frugal install. Backup and restoration are so ridiculously easy that jumping through the hoops of limited users would be absurd. Why do all that for the ease of just restoring my home directory, when I could not do all that and then just restore the pup_save.2fs file? Which is actually easier, since I don't have to mount the old pup_save.2fs file to replace the compromised home directory.


The best arguments for multi-user in Puppy that I've seen so far are:
A. Avoiding becoming a zombi
B. Keeping the illiterate from borking themselves very often
C. When you're in an actual multi-user situation and don't want the duplication of having two save files (though you could remaster the duplicated portions into the pup_xxx.sfs file to offset this, but whatever)
D. Running apps that were written by paranoid fascists and thus refuse to run as root


Those reasons are good enough that I'll be making the next version of Pizzapup be multi-user friendly out of the box.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

jglen490
Posts: 9
Joined: Sun 09 Mar 2008, 18:25

#83 Post by jglen490 »

trapster wrote:(paranoid)
No thanks, I only need one noid at a time :roll: .

I understand -- it's a choice. Just responding to the thread and explaining my position. Actually, I'm not at all fearful of what's beyond the walls of my home. It just is so ridiculously easy to use my "normal" user for everything EXCEPT for those things that affect my overall system health. The rest is just normal Linux. Puppy is the exception, not the rule, but Puppy also has a good reputation as an easy to use distro. So press on with whatever distro you want to use.

User avatar
edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA
Contact:

#84 Post by edoc »

I use Puppy as a Frugal install. Backup and restoration are so ridiculously easy that jumping through the hoops of limited users would be absurd. Why do all that for the ease of just restoring my home directory, when I could not do all that and then just restore the pup_save.2fs file? Which is actually easier, since I don't have to mount the old pup_save.2fs file to replace the compromised home directory.
Wish I could run a Frugal Install. 3.01 has a bug of some sort that made booting as Frugal non-functional on two different laptops and one desktop here so they are all Full Installs.

Any word when we will see 3.02 and 4.x/Dingo?
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603

mill0001
Posts: 358
Joined: Thu 01 Feb 2007, 16:30
Location: "People's Republik of Kalifornia"

Running as root

#85 Post by mill0001 »

BarryK, I'm running fresh frugal install of 4.00 with Linux firewall enabled. I just ran Shields up scan a few minutes ago after reading this post and got full stealth results. This puppy is workin good Boss.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#86 Post by 8Geee »

Bruce B said 3 years ago:
When I used to run Windows 9x, I never got infected with a virus or a trojan. I use Windows 9x as an example because it is as if one is 'root' in terms of permissions. In most cases the infection is a user interaction. Not something that just happens. That is one reason why I never got an infection.
I used W98se for 8 years. Finally the 2nd MoBo died last month, and thats it. Never cared for Xp or Vista, and the admin problems there. The web is too complex for 98se: USB sticks are APITA, new builds are moving away from ISO9660 on CD/DVD. I bought an Eee. It also has migrated away from ISO9660, and won't look back.

As a former W98se user, I can verify Bruce's statements. The caveat was always, SpyBot, SpyBlaster, and a Firewall (I chose Sygate 5.6), previous to them, an AV was ESSENTIAL. But NOT after that trio was installed. ==> 2nd edit: Since the root can be secured, I will be using the pupeee version.

1st edit==> after re-reading this thread I have noted one obvious missing point. The reluctance to share if the modem 'pinged when attacked'. I just bought a new all-in-one modem/net/wifi box. Its cheaper than the two separate devices: modem and router. Straight off to grc.com. All the ports are stealthed but the modem pinged when attacked. Bad modem, bad bad modem, no XP for you! And the ASUS Eee has no native suport for a firewall... why? NO IPtables. Bad Eee, bad bad Eee. Kernal rebuild solves tough, but alas I didn't buy it to hack it. Maybe replace it, but not hack around in the dark fixing stuff.

2nd point is related to post 98se Windoze systems. Elevated root privilidges. THAT, is what keeps you busy and behind with M$. Lotsa apps can elevate themselves. Bad M$, bad bad M$.
Last edited by 8Geee on Sat 24 May 2008, 21:13, edited 1 time in total.

User avatar
urban soul
Posts: 273
Joined: Wed 05 Mar 2008, 17:03
Location: "Killing a nerd is not as much fun as ist sounds" B.Simpson
Contact:

#87 Post by urban soul »

I just want to throw in that a compromised system is a compromised system is a compromised system. If you are root or not doesnt matter. If I compromised a user account I will compromise the root account later. Later means there's time to fix it. Thats true.

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#88 Post by SirDuncan »

The problem with people saying that running as root will get you hacked is this:
Most distros give you the ability to run sudo to get root power. If the hacker compromises your unprivileged account, all he/she has to do is type sudo before any nasty command. At that point the hacker has your password, which is what you give when you run sudo.

That means that in that kind of environment the only advantage of an unprivileged account is that it protects the user from the user.

In other words, Puppy is no less secure than, say, Ubuntu because it runs as root. On either system, the hacker needs only to compromise a single account and can then do whatever he/she wants. On Puppy, the hacker cracks root's password and then types "rm -f -r /*". On Ubuntu, the hacker compromises bob's password and then types "sudo rm -f -r /*" followed by bob's password when prompted.

The only small advantage the non-root system has here is that the hacker has to find a user name, whereas the root account name is already known.

Still, I would like to see Puppy gain multiuser power at some point.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#89 Post by 8Geee »

Very good and touche. However, placing a Root name/pass in the mix to access root.might ward off the attacker. Having a default immutable name/pass defeats the purpose. Fortuneately Stephanie over at eeeusers forum was able to come up with a user/pass scheme (and mega-thankyous) for that rather broken distro, and Root can be protected (but see the recent news about the SSL flaw in Debian derived Operating Systems). Is the Root user/pass is mutable here?

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#90 Post by SirDuncan »

8Geee wrote:Is the Root user/pass is mutable here?
If by that you mean "can you change the root user name or password?", the answer is, yes you can change the password. I don't know if you can change the user name. It would be a good idea, though. Changing the name may cause some problems with scripts and such, but it is good security practice.

Personally, I always change the root password. I may forget to do it at first, but I eventually get around to it.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA
Contact:

#91 Post by edoc »

SirDuncan wrote:Personally, I always change the root password. I may forget to do it at first, but I eventually get around to it.
Is that still possible in Puppy 4/Dingo?
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#92 Post by Pizzasgood »

I don't see why not. Just run passwd
Keep in mind that if CUPS asks for the password, you will have to use your new password rather than woofwoof.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#93 Post by SirDuncan »

edoc wrote:Is that still possible in Puppy 4/Dingo?
Absolutely.
Pizzasgood wrote:Just run passwd
Exactly.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#94 Post by Flash »

Anyone could drive a stake through this thread's heart anytime, by actually proving they had a problem which was caused by running Puppy as root. For instance, a computer that was taken over by malware which couldn't have worked if they hadn't been running as root. Until I see proof that it actually caused a problem, I'm not going to worry my pretty little head over running as root. :lol:

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#95 Post by cthisbear »

" Anyone could drive a stake through this thread's heart anytime,
by actually proving they had a problem which was caused
by running Puppy as root. "

Log onto the Whirlpool forum for their grief fest on Puppy.

Reminds me of that old Kinks song.
Paranoia the destroyer .

http://www.youtube.com/watch?v=ZBbAZVw3_7A

Chris.

User avatar
urban soul
Posts: 273
Joined: Wed 05 Mar 2008, 17:03
Location: "Killing a nerd is not as much fun as ist sounds" B.Simpson
Contact:

#96 Post by urban soul »

Barry probably thought: 'how much can I cut out of Linux and it still works ?' Afterwards things can be 'filled in' again anyways. This is a very creative approach in my opinion.

jglen490
Posts: 9
Joined: Sun 09 Mar 2008, 18:25

#97 Post by jglen490 »

Flash wrote:Anyone could drive a stake through this thread's heart anytime, by actually proving they had a problem which was caused by running Puppy as root. For instance, a computer that was taken over by malware which couldn't have worked if they hadn't been running as root. Until I see proof that it actually caused a problem, I'm not going to worry my pretty little head over running as root. :lol:
A better project would be to apply that idea to ANY Linux distro. Puppy is Linux, or so I've heard, the only difference being the intent of being an always "live" distro, rather than a full time, permanent distro.

You can run any Linux as root, if you are bold/brave/foolish enough. The point to running Linux as mostly non-root is to protect the heart of the OS - to the extent possible - while letting non-root account(s) take the hit, should one occur. A reasonable philosophy as long as the non-root account(s) are backed up periodically.

And, oh by the way, Linux security has nothing to do with account names. It has everything to do with strong passwords, up-to-date software, permissions, and some monitoring. Being careful doesn't take a lot of time. But it's your system, do as you will.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#98 Post by kirk »

The point to running Linux as mostly non-root is to protect the heart of the OS - to the extent possible - while letting non-root account(s) take the hit, should one occur.
Exactly, and the heart of the Puppy OS is read-only. So there's no need to run as non-root. However some applications do run as non-root, http servers come to mind. And in Puppy it's not possible to su to root from a non-root user, it's never needed. A machine running an http server with Puppy is actually more secure than with other multi-user distros.

jglen490
Posts: 9
Joined: Sun 09 Mar 2008, 18:25

#99 Post by jglen490 »

That's true. However, the simple act of you acting in a root account opens up your entire system to an attack. Once in, changing the mode on any file from read only is a relatively trivial exercise.

Please, don't get me wrong. I have nothing against Puppy Linux, nor do I believe that an attack against you or anyone else running Puppy is imminent. My whole point is that if you are going to run a Linux system, and I love running Linux, give yourself the best possible experience while still using the best OS in the world.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#100 Post by kirk »

That's true. However, the simple act of you acting in a root account opens up your entire system to an attack. Once in, changing the mode on any file from read only is a relatively trivial exercise.
No, It's not possible to change the files in a squashfs file system from read only. Wish it was. Can you download and install software that erases files? Yes. But in multi-user distros, people download and install software as there own user, which could erase user files (The only really important files). Or they can sudo or su to root, which must be done for lots of software, which could erase system files (easily fixed in puppy, not so with others). As far as other ways to open "your entire system to an attack" when using puppy, other than installing software, I'm not aware of any.

Post Reply