Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 28 Nov 2014, 03:12
All times are UTC - 4
 Forum index » House Training » Beginners Help ( Start Here)
Why does Puppy run in root?
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 4 [48 Posts]   Goto page: 1, 2, 3, 4 Next
Author Message
Swarup

Joined: 20 May 2008
Posts: 219

PostPosted: Tue 20 May 2008, 21:35    Post subject:  Why does Puppy run in root?  

I've been using Ubuntu for a year now, and am thinking to slim down to something smaller and faster for my older laptop. Puppy is definitely one of my top choices, but I am wondering why it runs in root? Sounds sort of risky and unnecessary. Is there some benefit to doing it this way?
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 20 May 2008, 22:20    Post subject:  

http://www.puppylinux.org/manuals/puppy-40/english/security/root
for more info Smile

_________________
Puppy WIKI

Last edited by Lobster on Tue 26 Aug 2008, 02:58; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website 
Swarup

Joined: 20 May 2008
Posts: 219

PostPosted: Wed 21 May 2008, 00:11    Post subject:  

The site you refer me to assumes that the user is booting from a livecd every time they use puppy linux: "As long as Puppy starts from CD-ROM (and is not installed on the harddrive) the program-files and system-files are secure." Well, what if one is planning to install puppy on the hard drive, as I am? Is it then dangerous and insecure? I tried a few key words in the search window-- like "root", "user", "security", but did not find out anything further on this topic. If one is going to use puppy, is it preferable to boot always from cd or external medium? I would find this rather inconvenient I think. I would like to have a distro which I can install on my hard drive.
Back to top
View user's profile Send private message 
MU


Joined: 24 Aug 2005
Posts: 13644
Location: Karlsruhe, Germany

PostPosted: Wed 21 May 2008, 00:19    Post subject:  

you can encrypt your savefile using the frugal installation, and run seamonkey as unprivileged user.

http://www.murga-linux.com/puppy/viewtopic.php?t=29125

Imho this is more secure than using another distro with full installation.

Mark

_________________
my recommended links
Back to top
View user's profile Send private message Visit poster's website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 21 May 2008, 00:33    Post subject:  

Disclaimer: I'm all for having better multi-user support in Puppy, so long as it isn't forced on the user.


Swarup, you posted while I was typing. I'm not going to go through and fix my post to take into account yours and MU's. Instead, I'll just address it now and then leave my original post unchanged following it.

If you boot puppy with the puppy pfix=ram option, it will boot up completely pristine, as though you had never run it on that computer before. Otherwise, Puppy will look to see if you have a pup_save.2fs file, which you can opt to create when you first reboot. If it detects one, it will load it. All changes you make will be stored in that file, including changed system files. Next boot those changed files will be loaded, unless you use the pfix=ram option. So if you get compromised, you can boot with pfix=ram and make a new save file. You can even mount the old one and extract important data, so long as you're careful to check that it's non-compromised data (or clean it up if it isn't).

This applies to Live-CD, Frugal-HD, and USB installs. Full-HD installs are different (and no more "full" either, just words...) Full-HD installs work just like you'd expect a normal distro to work. You can't make them not save, and if they are compromised you must either restore a backup, repair the individual errors, or reinstall from scratch. They also won't load the original files into RAM, making access times slightly worse for most people (but probably not very noticeable). Some people will point out that they also offer better RAM usage because of this, but that is not always true. Since Puppy 4, a Frugal install can be given the pfix=noram option, which will mount the pup_xxx.sfs file from the harddrive. So that negates the faster access times, but allows you to function in a low-ram machine. The same thing will automatically happen in ANY Puppy if Puppy determines that you don't have enough ram to load the pup_xxx.sfs file into it and still have some left over for working.



Original post:
That page Lobster linked to is misleading. It makes it appear that, under normal usage conditions, the core programs will be pristine with every boot. This is not so. The original copy of those programs remains pristine, but if you have a pup_save.2fs file (which the vast majority of users will have) then any compromised system files will be saved in that and loaded over the originals each boot. Booting with puppy pfix=ram will of course allow you to boot into a completely pristine and almost certainly uncompromised Puppy, but the rest of the time you face just as much risk of having compromised system files as you do running as root in another distro.

A difference from other distros is that Puppy is much much easier to reinstall. And you have to remember, whether you run as root or not, your personal data is equally vulnerable.

Thus, if one remains vigilant to ensure that nothing has been compromised, Puppy will be little different from any other distro. You can argue that you don't need to be so vigilant in others, but you actually do. If someone doesn't keep an eye on the files their non-root user owns to make sure they are clean, yet complain that running as root is insecure, he/she is a moron. A hacker has an easier time if they have access to root, but there's still a good amount they can do from a limited account. Example: they simply use you as a carrier by sticking a windows virus into that email you're sending to your family, who has yet to convert to Linux... A limited user probably has enough permissions to become a zombie, albeit only when that user is logged in (which for a single-user machine will be most of the time). Then there's the ID-theft aspect, since they have access to all your personal data.


I don't deny that a limited user is more secure than root, but not by enough to worry about it in Puppy. In other distros that take longer to repair this may not be the case. Get compromised in Puppy? Just drop your pup_save.2fs file and start a new one. You can mount the old file and retrieve any needed data (thoroughly cleaning it first of course) and be on your feet just as fast as somebody who had to drop a limited user in a big distro. Sure, your system files were compromised, unlike theirs, but by scrapping the old pup_save.2fs file you are granted completely pristine files.


So to me, the only valid complaints are with respect to actual MULTI-USER situations. Sharing with a family for example. Puppy does have some support for this (every person can have his/her own optionally encrypted pup_save file), but it isn't as nice as true multi-user. On some ways it's superior though (each user is much more isolated - they all get to be "root" of their own little worlds). The biggest sore point is that they all have permission to simply delete another person's save file, even if they can't mount it (due to encryption). Of course, limited users don't prevent people from booting via live-cd and wiping everything out either, unless you set up your bios properly and then lock up the case...


One thing to note: the pup_save.2fs and pristine files related things are not relevant for a Full-Install. For those, if you are compromised you won't be able to just drop your pup_save.2fs file because you won't have one. You'll have to either restore a backup or reinstall Puppy. Fortunately, Puppy is a pretty fast install even for a Full-Install. Only ~200 MB. Full-Install users also won't get the nifty encrypted save file deal, making literal multi-user capability very weak.



Sorry for the slightly fragmented post, and for the repetition that I think I had.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
oblivious

Joined: 14 Apr 2007
Posts: 304
Location: Western Australia

PostPosted: Wed 21 May 2008, 04:36    Post subject:  

Quote:
Thus, if one remains vigilant to ensure that nothing has been compromised

Quote:
If someone doesn't keep an eye on the files their non-root user owns to make sure they are clean,

Quote:
so long as you're careful to check that it's non-compromised data (or clean it up if it isn't)
.
I am curious as to how these are actually done? Also, do you know whether there have been reports in this forum (or elsewhere?) that someone has been compromised in Puppy and what actually happened? (ie not where there is external access, like the websites getting hacked, but just a normal computer running a firewall and no remote access functions) I've googled/searched, but I don't find anything very specific.
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7084
Location: Perth, Western Australia

PostPosted: Wed 21 May 2008, 09:38    Post subject:  

There is a long-running forum thread discussing this topic, you should read that:
http://www.murga-linux.com/puppy/viewtopic.php?t=1246

Also some brief notes here:
http://puppylinux.com/faq.htm

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
nipper


Joined: 22 Mar 2008
Posts: 150

PostPosted: Wed 21 May 2008, 10:39    Post subject: Re: Why does Puppy run in root?  

Swarup wrote:
I've been using Ubuntu for a year now, and am thinking to slim down to something smaller and faster for my older laptop. Puppy is definitely one of my top choices, but I am wondering why it runs in root? Sounds sort of risky and unnecessary. Is there some benefit to doing it this way?


The main benefit of Puppy running as root is ease of use, it is crafted to be small and fast and easy for people who are used to running Windows to use. I think it achieved that.

Your question seems somewhat strange to me as the *buntus give the user "ALL" permissions in sudo. Making it about the same as Puppy except in Puppy you don't have to type sudo along with a command. I think they chose to go the "sudo" way for reasons similar to Puppy's. Consequently, from a security point of view, they are pretty much the same. Except, with Puppy you can choose no persistence so next boot you again have a pristine system even if you were compromised on the previous boot.
Back to top
View user's profile Send private message 
jonyo

Joined: 28 Dec 2006
Posts: 2727

PostPosted: Wed 21 May 2008, 15:22    Post subject:  

Here's a thread that suddenly went 'buntu, sudo & root. Smile
Back to top
View user's profile Send private message 
Swarup

Joined: 20 May 2008
Posts: 219

PostPosted: Wed 21 May 2008, 17:30    Post subject:  

Thanks for all the info from everyone on this point. I think the most forceful point for me is that puppy is so small and easy to install, that if something happens it really doesn't matter. --Just reinstall puppy. I'll be keeping a separate data partition anyway. So my concerns for now are quelled. I shall go ahead and install puppy, and see what fun comes my way! Smile
Back to top
View user's profile Send private message 
Irihapeti
Guest


PostPosted: Wed 21 May 2008, 18:58    Post subject:  

I'm going to get a bit philosophical here. There's a big difference between something that could plausibly happen in certain circumstances, and what actually does happen (or has happened) in the real world. I notice that a lot of people get the two confused.

As I see it, Puppy has been around long enough for there to be a body of real-world experience on the safety/danger of running as root.

I figure that, if running as root were as hazardous as we've been told, Puppy forums would be full of messages about compromised systems - far more than on, say, Ubuntu forums. And as far as I can tell, that's not happening.

So I'm quite comfortable to go on running as root.
Back to top
jonyo

Joined: 28 Dec 2006
Posts: 2727

PostPosted: Wed 21 May 2008, 19:28    Post subject:  

oblivious wrote:
Also, do you know whether there have been reports in this forum (or elsewhere?) that someone has been compromised in Puppy and what actually happened?
I've only seen one, where the poster was certain of being compromised & gave some details ('bout a year ago).

Don't think it went any further than that & can't find it.
Back to top
View user's profile Send private message 
Swarup

Joined: 20 May 2008
Posts: 219

PostPosted: Wed 21 May 2008, 19:45    Post subject:  

Irihapeti wrote:
I'm going to get a bit philosophical here. There's a big difference between something that could plausibly happen in certain circumstances, and what actually does happen (or has happened) in the real world. I notice that a lot of people get the two confused.

As I see it, Puppy has been around long enough for there to be a body of real-world experience on the safety/danger of running as root.

I figure that, if running as root were as hazardous as we've been told, Puppy forums would be full of messages about compromised systems - far more than on, say, Ubuntu forums. And as far as I can tell, that's not happening.

So I'm quite comfortable to go on running as root.


Makes a lot of sense to me. Why go on yelling "fire, fire!" when there isn't even any smoke? People on the Ubuntu forums will always warn you not to work unnecessarily in root because of the inherent dangers involved in doing so. Well, like you say-- why isn't this puppy forum filled with cries of anguish about what happened all these years with thousands of people working continuously in root?
Back to top
View user's profile Send private message 
SirDuncan


Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

PostPosted: Wed 21 May 2008, 20:05    Post subject:  

The main danger for the user running as root is the user him/herself. You are far more likely to screw up your own system than have someone hack you and screw up your system. Also, as has been said here, most non-root distros give you sudo. If your non-root account gets compromised, the hacker then types sudo+evil_command and does whatever s/he wants.

The use of sudo only makes the user think twice before doing something stupid, it does nothing to stop the hacker.

As an aside, is anyone else noticing the large amount of interest in the security of running as root?

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
Back to top
View user's profile Send private message Visit poster's website 
Bruce B


Joined: 18 May 2005
Posts: 11131
Location: The Peoples Republic of California

PostPosted: Wed 21 May 2008, 21:34    Post subject:  

I read fourteen posts. Unless I wasn't reading well, nobody has mentioned passwords. Puppy allows only 8 characters. So make it a good one :)

ajai2ahY toiG4jee Bah8NooC AVoeC4na xux1An3e Iethe1ae ieLie2th AhNg5HoJ
Iing9oor eTaej7ie okahXex2 oLie2pee Ceequee7 To0saiSo eiTeur6U tooMu4qu
log2Cohb eeth0eDi aivohS6o haeSuk6o Ousoh8cu Engoo4ae Daich5ie IFep6mah
eiThaej6 eep5Uno6 tae9Eip5 ooPa8Cei shet5aiS Zahf4chu wie2tieM ahwee7Ph
tee8Eayo IeCheuy5 WaiPhoh3 Iemo8Qui Shoohie0 so9eoGhe cahVei8e eep7juX5
thee8Aem too2Shae Kaey6ohX iM5udeey ni1WieTo aecahM0o Ra7eush4 ahNg7quu
Goh8xah6 oD0geina Xai3Oy4u airaer8U weeZ5OoW Ohchooh0 oogh1Aip Meelaz0I
thioVai4 Moh0Taa6 Tho4ophe AhTh3zod cai5Aibo Qui2liew OhCee2ku aht4Ofew
pha3Eej3 diph7Eoh Iet5oush cei2Gei3 Foon0Jeu hoht2Uhe Ui2xieWi iiwohh2Z
hiez6Sie ohw0uP3i Veey5lai EiXier4g heiCh7su Moh6Eiw5 Dil1kooz ooNeu9ma
Loo1Anga oothe5Oh Shohfaa2 Mo7ahneC ou8Phoow thieth0K Equee4ix nee1Thee
yah8Meer eiph0Eim ea5Keifu doo2Cu1o tee5aV5p bei3Waef Jiin9eye iem2OGhe
Thoh4aev Ais3ahJa Ui2agoif ais6iX4F ohng5Ohn aej7Shoo Iequ9veu Zief8aem
eu4Ail3e Jeideew7 Ioshu4sh ieg0eeJa xie0Ooge shoS5ooN yei6ooBu queimuM2
WeePhe0m Aosh0uaH chai2The zoo9Ek2x osi2uo5D pe2Eewai Yoh5chai ohvieJ0d
aiSoosh7 Uy9ughe0 Koo8veS6 eNgei9Ho wuoZei5o So4eewee alooB5to Ooquiph5
Hoyai0na Aiveic2h Gaa4eiYe ohTie1Ie eiHi7gai Chiecei4 Eicha9iw oopoo0Ho
Eiciex6e oNgoo9ae koa6Saeg igaen5Ph Air3taPh oiS2AiGa onie9Rei Anahsh2w
oxa5Yi0u Quahth1m uCo2Ahgu xahPege2 Aika4pah Phei2aif Puish7ir DeiRe2wa
Sohth0ze Haith6ph Le1theav Ha5ieGhi Eih4Oofa Yu6nuvie oocho2Ni Fai6oGhi
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 4 [48 Posts]   Goto page: 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Beginners Help ( Start Here)
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1306s ][ Queries: 12 (0.0284s) ][ GZIP on ]