Puppy Linux Discussion Forum
Why I don't like running as root (in Puppy)
Page 7 of 9
edoc


Joined: 07 Aug 2005
Posts: 4377
Location: Southeast Georgia, USA

Posted: Thu 15 May 2008, 21:37

SirDuncan wrote:
Personally, I always change the root password. I may forget to do it at first, but I eventually get around to it.


Is that still possible in Puppy 4/Dingo?

_________________
Thanks! David
Home page: http://nevils-station.com
Don't google Search! http://duckduckgo.com
Puppy upup Raring 3992 & Lighthouse64-b602

Pizzasgood

Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Thu 15 May 2008, 21:55

I don't see why not. Just run passwd
Keep in mind that if CUPS asks for the password, you will have to use your new password rather than woofwoof.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib


SirDuncan

Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

Posted: Thu 15 May 2008, 22:38

edoc wrote:
Is that still possible in Puppy 4/Dingo?

Absolutely.

Pizzasgood wrote:
Just run passwd

Exactly.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Flash
Official Dog Handler

Joined: 04 May 2005
Posts: 11081
Location: Arizona USA

Posted: Thu 15 May 2008, 23:51

Anyone could drive a stake through this thread's heart anytime, by actually proving they had a problem which was caused by running Puppy as root. For instance, a computer that was taken over by malware which couldn't have worked if they hadn't been running as root. Until I see proof that it actually caused a problem, I'm not going to worry my pretty little head over running as root. Laughing

cthisbear

Joined: 29 Jan 2006
Posts: 3417
Location: Sydney Australia

Posted: Fri 16 May 2008, 04:58

" Anyone could drive a stake through this thread's heart anytime,
by actually proving they had a problem which was caused
by running Puppy as root. "

Log onto the Whirlpool forum for their grief fest on Puppy.

Reminds me of that old Kinks song.
Paranoia the destroyer.

http://www.youtube.com/watch?v=ZBbAZVw3_7A

Chris.

urban soul

Joined: 05 Mar 2008
Posts: 276
Location: "Killing a nerd is not as much fun as it sounds" B.Simpson

Posted: Fri 16 May 2008, 05:05

Barry probably thought: 'how much can I cut out of Linux and it still works?' Afterwards things can be 'filled in' again anyways. This is a very creative approach in my opinion.

jglen490

Joined: 09 Mar 2008
Posts: 9

Posted: Tue 20 May 2008, 23:20

Flash wrote:
Anyone could drive a stake through this thread's heart anytime, by actually proving they had a problem which was caused by running Puppy as root. For instance, a computer that was taken over by malware which couldn't have worked if they hadn't been running as root. Until I see proof that it actually caused a problem, I'm not going to worry my pretty little head over running as root. Laughing


A better project would be to apply that idea to ANY Linux distro. Puppy is Linux, or so I've heard, the only difference being the intent of being an always "live" distro, rather than a full time, permanent distro.

You can run any Linux as root, if you are bold/brave/foolish enough. The point to running Linux as mostly non-root is to protect the heart of the OS - to the extent possible - while letting non-root account(s) take the hit, should one occur. A reasonable philosophy as long as the non-root account(s) are backed up periodically.

And, oh by the way, Linux security has nothing to do with account names. It has everything to do with strong passwords, up-to-date software, permissions, and some monitoring. Being careful doesn't take a lot of time. But it's your system, do as you will.

kirk

Joined: 11 Nov 2005
Posts: 1411
Location: florida

Posted: Tue 20 May 2008, 23:45

Quote:
The point to running Linux as mostly non-root is to protect the heart of the OS - to the extent possible - while letting non-root account(s) take the hit, should one occur.


Exactly, and the heart of the Puppy OS is read-only. So there's no need to run as non-root. However some applications do run as non-root, http servers come to mind. And in Puppy it's not possible to su to root from a non-root user, it's never needed. A machine running an http server with Puppy is actually more secure than with other multi-user distros.

jglen490

Joined: 09 Mar 2008
Posts: 9

Posted: Wed 21 May 2008, 11:44

That's true. However, the simple act of you acting in a root account opens up your entire system to an attack. Once in, changing the mode on any file from read only is a relatively trivial exercise.

Please, don't get me wrong. I have nothing against Puppy Linux, nor do I believe that an attack against you or anyone else running Puppy is imminent. My whole point is that if you are going to run a Linux system, and I love running Linux, give yourself the best possible experience while still using the best OS in the world.

kirk

Joined: 11 Nov 2005
Posts: 1411
Location: florida

Posted: Wed 21 May 2008, 13:57

Quote:
That's true. However, the simple act of you acting in a root account opens up your entire system to an attack. Once in, changing the mode on any file from read only is a relatively trivial exercise.


No, it's not possible to change the files in a squashfs file system from read only. Wish it was. Can you download and install software that erases files? Yes. But in multi-user distros, people download and install software as their own user, which could erase user files (The only really important files). Or they can sudo or su to root, which must be done for lots of software, which could erase system files (easily fixed in puppy, not so with others). As far as other ways to open "your entire system to an attack" when using puppy, other than installing software, I'm not aware of any.

SirDuncan

Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

Posted: Wed 21 May 2008, 14:07

jglen490 wrote:
That's true. However, the simple act of you acting in a root account opens up your entire system to an attack. Once in, changing the mode on any file from read only is a relatively trivial exercise.

Root doesn't need to change the file permissions. As root, you can just delete everything regardless of permissions. On a *nix system, root is omnipotent.

Still, as I pointed out, it is also trivial for a non-root user to gain root power with sudo. If Puppy ever goes multi-user, I hope that Barry will exclude that command.

However, I think what Kirk and others have referred to is that the CD is read-only and not even root can delete its contents. Many people run from the CD in some way (multi-session, save file on the HD or flash drive), so they have no worries about their system files.

Even if you are running with a HD install, you don't have to worry about it unless you did a full HD install. On a frugal install, if the baddies delete your system files it's not a big deal. You just have to restore 4 files and maybe GRUB. This takes a few minutes. Then restore the backup of your save file (you are making backups, right?). You may have lost some data, but you probably didn't lose too much if you make frequent backups.

A full HD install is a bit trickier. Backups are more difficult, and the file system is spread across hundreds of files. You've lost all of the ease in system restoration and not gained any security.

jglen490 wrote:
It has everything to do with strong passwords

Exactly. Regardless of whether you run as root or as jimmybob16, the most important protection is a strong password.

Kirk posted while I was writing this. Kirk, you are correct that the files inside of the squashfile cannot be individually tampered with, but you can delete the whole squashfile if you are not running from CD.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

jglen490

Joined: 09 Mar 2008
Posts: 9

Posted: Wed 21 May 2008, 22:01

Part of the alleged "fun" of hacking into someone's system is not complete destruction, but rather control in such a way that a) the owner of the system is unaware and b) the controller can use the one platform to gain control of more platforms.

Never say never. If something can be originally written to a squashfs, it can be re-written. It's technology, not magic. I wouldn't be as concerned about what is on the CD, as you say if files are on a CD-R, not even root can alter them. Once they are in memory, that's another story, plus Puppy can write certain files to disk for permanent use even in a frugal install or a memory only install. So be careful what you download and what you save/keep, and monitor what ends up as saved.

Again, I have no ill-will towards the concept of Puppy Linux, the creator of Puppy Linux, or any Puppy Linux user. The myth of infallibility is just that - a myth. The risk may be different in some use cases, but that's all.

Applying good security practices including strong password usage (with or without the use of sudo), will serve you better than anything else, including reliance on the good will of others when you are on-line.
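
Added example, not part of any post in this thread: SirDuncan notes that on a frugal install the whole squashfs file can be deleted or replaced when not running from CD, and jglen490 advises monitoring what ends up saved. One way to do that monitoring is a checksum baseline kept off the writable disk; the function names are hypothetical and the file names in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): integrity baseline for the handful of
# files that make up a frugal install. All file names below are constructed.

# Make a path absolute so it still resolves after we cd into the install dir.
abs_path() { case $1 in /*) printf '%s\n' "$1" ;; *) printf '%s\n' "$PWD/$1" ;; esac; }

# record_baseline DIR BASELINE
# Hash every regular file at the top level of DIR. Keep BASELINE outside DIR,
# ideally on read-only media, so whoever can rewrite DIR cannot rewrite it too.
record_baseline() {
    ( cd "$1" && find . -maxdepth 1 -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# verify_baseline DIR BASELINE
# Returns 0 only if every recorded file is still present with the same hash.
verify_baseline() {
    vb_base=$(abs_path "$2")
    ( cd "$1" && sha256sum -c "$vb_base" ) >/dev/null 2>&1
}

# unexpected_files DIR BASELINE
# Prints files present in DIR that the baseline does not list.
unexpected_files() {
    uf_base=$(abs_path "$2")
    ( cd "$1" && find . -maxdepth 1 -type f ) | sort | while IFS= read -r uf_name; do
        # A sha256sum line is 64 hex digits, two separator characters, then the name.
        NAME=$uf_name awk 'substr($0, 67) == ENVIRON["NAME"] { ok = 1 } END { exit !ok }' \
            "$uf_base" || printf '%s\n' "$uf_name"
    done
}

# Demo on a constructed directory standing in for a frugal install.
demo() {
    d=$(mktemp -d) && b=$(mktemp) || return 1
    printf 'kernel\n' > "$d/vmlinuz"; printf 'system image\n' > "$d/system.sfs"
    record_baseline "$d" "$b"
    verify_baseline "$d" "$b" && echo "clean: OK"
    printf 'tampered\n' > "$d/system.sfs"        # image replaced wholesale
    printf 'x\n' > "$d/extra.sfs"                # something new was saved
    verify_baseline "$d" "$b" || echo "changed or missing file detected"
    echo "not in baseline: $(unexpected_files "$d" "$b")"
    rm -rf "$d" "$b"
}
demo
```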

kirk

Joined: 11 Nov 2005
Posts: 1411
Location: florida

Posted: Wed 21 May 2008, 22:54

I don't think it's reasonable to add the extra aggravation to run as a non-root user because your system may be compromised by some inconceivable attack. Especially since Puppy is so absurdly easy to fix. If I applied the same logic to the rest of my life I'd have to live in a bio-bubble inside a bomb shelter.

Again, unless you install malicious software, you won't have a problem. People who install malicious software, do so thinking it's safe. So if they run a multi-user system and the software package says you must be root to install, the user will su to root to install it. The myth that a multi-user installation protects you from mal-ware is just that - a myth. Unless you don't know the root password. Multi-user systems are great when you actually have multiple people using it.

So far the reasons I've seen for running as non-root are:

* It gives me protection from the unknown for unknown reasons.
* It makes the hapless type sudo before screwing up their system.

Edit: Just read Pizza's post on the previous page, totally agree and I have to add one more reason to my list:

* Avoiding becoming a zombie Laughing Laughing

I guess I'm done with this thread.

nipper

Joined: 22 Mar 2008
Posts: 150

Posted: Thu 22 May 2008, 11:30

My next door neighbours do not lock the front door of their house when they leave, either for the day or for a two week vacation.

They can't think of a reason to lock it. Does it follow logically that there is no valid reason?

In over 10 years they have not had anything stolen. Does it follow logically from that that they never will?

8Geee

Joined: 12 May 2008
Posts: 46
Location: N.E. USA

Posted: Sat 24 May 2008, 17:06

Sir Duncan:
Quote:
If by that you mean "can you change the root user name or password?", the answer is, yes you can change the password. I don't know if you can change the user name. It would be a good idea, though. Changing the name may cause some problems with scripts and such, but it is good security practice.


That will cause me to edit my former post, and render Puppy and derivatives as most acceptable. Being the ex-Win user, I can toss the old desktop into the recycler. I knew someone got the root secured, it certainly isn't the default OS in the Eee.

Many thanks