Why does Puppy run in root?

Swarup
Posts: 219
Joined: Wed 21 May 2008, 01:28

Why does Puppy run in root?

#1 Post by Swarup »

I've been using Ubuntu for a year now, and am thinking to slim down to something smaller and faster for my older laptop. Puppy is definitely one of my top choices, but I am wondering why it runs in root? Sounds sort of risky and unnecessary. Is there some benefit to doing it this way?

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#2 Post by Lobster »

Last edited by Lobster on Tue 26 Aug 2008, 06:58, edited 2 times in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Swarup
Posts: 219
Joined: Wed 21 May 2008, 01:28

#3 Post by Swarup »

The site you refer me to assumes that the user is booting from a livecd every time they use puppy linux: "As long as Puppy starts from CD-ROM (and is not installed on the harddrive) the program-files and system-files are secure." Well, what if one is planning to install puppy on the hard drive, as I am? Is it then dangerous and insecure? I tried a few key words in the search window-- like "root", "user", "security", but did not find out anything further on this topic. If one is going to use puppy, is it preferable to boot always from cd or external medium? I would find this rather inconvenient I think. I would like to have a distro which I can install on my hard drive.

MU
Posts: 13649
Joined: Wed 24 Aug 2005, 16:52
Location: Karlsruhe, Germany

#4 Post by MU »

You can encrypt your savefile using the frugal installation, and run seamonkey as an unprivileged user.

http://www.murga-linux.com/puppy/viewtopic.php?t=29125

Imho this is more secure than using another distro with full installation.

Mark
my recommended links: http://murga-linux.com/puppy/viewtopic.php?p=173456#173456

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#5 Post by Pizzasgood »

Disclaimer: I'm all for having better multi-user support in Puppy, so long as it isn't forced on the user.


Swarup, you posted while I was typing. I'm not going to go through and fix my post to take into account yours and MU's. Instead, I'll just address it now and then leave my original post unchanged following it.

If you boot puppy with the puppy pfix=ram option, it will boot up completely pristine, as though you had never run it on that computer before. Otherwise, Puppy will look to see if you have a pup_save.2fs file, which you can opt to create when you first reboot. If it detects one, it will load it. All changes you make will be stored in that file, including changed system files. Next boot those changed files will be loaded, unless you use the pfix=ram option. So if you get compromised, you can boot with pfix=ram and make a new save file. You can even mount the old one and extract important data, so long as you're careful to check that it's non-compromised data (or clean it up if it isn't).

This applies to Live-CD, Frugal-HD, and USB installs. Full-HD installs are different (and no more "full" either, just words...) Full-HD installs work just like you'd expect a normal distro to work. You can't make them not save, and if they are compromised you must either restore a backup, repair the individual errors, or reinstall from scratch. They also won't load the original files into RAM, making access times slightly worse for most people (but probably not very noticeable). Some people will point out that they also offer better RAM usage because of this, but that is not always true. Since Puppy 4, a Frugal install can be given the pfix=noram option, which will mount the pup_xxx.sfs file from the harddrive. So that negates the faster access times, but allows you to function in a low-ram machine. The same thing will automatically happen in ANY Puppy if Puppy determines that you don't have enough ram to load the pup_xxx.sfs file into it and still have some left over for working.



Original post:
That page Lobster linked to is misleading. It makes it appear that, under normal usage conditions, the core programs will be pristine with every boot. This is not so. The original copy of those programs remains pristine, but if you have a pup_save.2fs file (which the vast majority of users will have) then any compromised system files will be saved in that and loaded over the originals each boot. Booting with puppy pfix=ram will of course allow you to boot into a completely pristine and almost certainly uncompromised Puppy, but the rest of the time you face just as much risk of having compromised system files as you do running as root in another distro.

A difference from other distros is that Puppy is much much easier to reinstall. And you have to remember, whether you run as root or not, your personal data is equally vulnerable.

Thus, if one remains vigilant to ensure that nothing has been compromised, Puppy will be little different from any other distro. You can argue that you don't need to be so vigilant in others, but you actually do. If someone doesn't keep an eye on the files their non-root user owns to make sure they are clean, yet complain that running as root is insecure, he/she is a moron. A hacker has an easier time if they have access to root, but there's still a good amount they can do from a limited account. Example: they simply use you as a carrier by sticking a windows virus into that email you're sending to your family, who has yet to convert to Linux... A limited user probably has enough permissions to become a zombie, albeit only when that user is logged in (which for a single-user machine will be most of the time). Then there's the ID-theft aspect, since they have access to all your personal data.


I don't deny that a limited user is more secure than root, but not by enough to worry about it in Puppy. In other distros that take longer to repair this may not be the case. Get compromised in Puppy? Just drop your pup_save.2fs file and start a new one. You can mount the old file and retrieve any needed data (thoroughly cleaning it first of course) and be on your feet just as fast as somebody who had to drop a limited user in a big distro. Sure, your system files were compromised, unlike theirs, but by scrapping the old pup_save.2fs file you are granted completely pristine files.


So to me, the only valid complaints are with respect to actual MULTI-USER situations. Sharing with a family for example. Puppy does have some support for this (every person can have his/her own optionally encrypted pup_save file), but it isn't as nice as true multi-user. In some ways it's superior though (each user is much more isolated - they all get to be "root" of their own little worlds). The biggest sore point is that they all have permission to simply delete another person's save file, even if they can't mount it (due to encryption). Of course, limited users don't prevent people from booting via live-cd and wiping everything out either, unless you set up your bios properly and then lock up the case...


One thing to note: the pup_save.2fs and pristine files related things are not relevant for a Full-Install. For those, if you are compromised you won't be able to just drop your pup_save.2fs file because you won't have one. You'll have to either restore a backup or reinstall Puppy. Fortunately, Puppy is a pretty fast install even for a Full-Install. Only ~200 MB. Full-Install users also won't get the nifty encrypted save file deal, making literal multi-user capability very weak.



Sorry for the slightly fragmented post, and for the repetition that I think I had.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#6 Post by oblivious »

"Thus, if one remains vigilant to ensure that nothing has been compromised"
"If someone doesn't keep an eye on the files their non-root user owns to make sure they are clean,"
"so long as you're careful to check that it's non-compromised data (or clean it up if it isn't)"
I am curious as to how these are actually done? Also, do you know whether there have been reports in this forum (or elsewhere?) that someone has been compromised in Puppy and what actually happened? (ie not where there is external access, like the websites getting hacked, but just a normal computer running a firewall and no remote access functions) I've googled/searched, but I don't find anything very specific.

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#7 Post by BarryK »

There is a long-running forum thread discussing this topic; you should read that:
http://www.murga-linux.com/puppy/viewtopic.php?t=1246

Also some brief notes here:
http://puppylinux.com/faq.htm
https://bkhome.org/news/

nipper
Posts: 150
Joined: Sat 22 Mar 2008, 16:08

Re: Why does Puppy run in root?

#8 Post by nipper »

Swarup wrote:I've been using Ubuntu for a year now, and am thinking to slim down to something smaller and faster for my older laptop. Puppy is definitely one of my top choices, but I am wondering why it runs in root? Sounds sort of risky and unnecessary. Is there some benefit to doing it this way?
The main benefit of Puppy running as root is ease of use; it is crafted to be small and fast and easy for people who are used to running Windows to use. I think it achieved that.

Your question seems somewhat strange to me as the *buntus give the user "ALL" permissions in sudo, making it about the same as Puppy, except in Puppy you don't have to type sudo along with a command. I think they chose to go the "sudo" way for reasons similar to Puppy's. Consequently, from a security point of view, they are pretty much the same. Except, with Puppy you can choose no persistence so next boot you again have a pristine system even if you were compromised on the previous boot.

jonyo

#9 Post by jonyo »

Here's a thread that suddenly went 'buntu, sudo & root. :)

Swarup
Posts: 219
Joined: Wed 21 May 2008, 01:28

#10 Post by Swarup »

Thanks for all the info from everyone on this point. I think the most forceful point for me is that puppy is so small and easy to install, that if something happens it really doesn't matter. --Just reinstall puppy. I'll be keeping a separate data partition anyway. So my concerns for now are quelled. I shall go ahead and install puppy, and see what fun comes my way! :)

Irihapeti

#11 Post by Irihapeti »

I'm going to get a bit philosophical here. There's a big difference between something that could plausibly happen in certain circumstances, and what actually does happen (or has happened) in the real world. I notice that a lot of people get the two confused.

As I see it, Puppy has been around long enough for there to be a body of real-world experience on the safety/danger of running as root.

I figure that, if running as root were as hazardous as we've been told, Puppy forums would be full of messages about compromised systems - far more than on, say, Ubuntu forums. And as far as I can tell, that's not happening.

So I'm quite comfortable to go on running as root.

jonyo

#12 Post by jonyo »

oblivious wrote:Also, do you know whether there have been reports in this forum (or elsewhere?) that someone has been compromised in Puppy and what actually happened?
I've only seen one, where the poster was certain of being compromised & gave some details ('bout a year ago).

Don't think it went any further than that & can't find it.

Swarup
Posts: 219
Joined: Wed 21 May 2008, 01:28

#13 Post by Swarup »

Irihapeti wrote:I'm going to get a bit philosophical here. There's a big difference between something that could plausibly happen in certain circumstances, and what actually does happen (or has happened) in the real world. I notice that a lot of people get the two confused.

As I see it, Puppy has been around long enough for there to be a body of real-world experience on the safety/danger of running as root.

I figure that, if running as root were as hazardous as we've been told, Puppy forums would be full of messages about compromised systems - far more than on, say, Ubuntu forums. And as far as I can tell, that's not happening.

So I'm quite comfortable to go on running as root.
Makes a lot of sense to me. Why go on yelling "fire, fire!" when there isn't even any smoke? People on the Ubuntu forums will always warn you not to work unnecessarily in root because of the inherent dangers involved in doing so. Well, like you say-- why isn't this puppy forum filled with cries of anguish about what happened all these years with thousands of people working continuously in root?

SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA

#14 Post by SirDuncan »

The main danger for the user running as root is the user him/herself. You are far more likely to screw up your own system than have someone hack you and screw up your system. Also, as has been said here, most non-root distros give you sudo. If your non-root account gets compromised, the hacker then types sudo+evil_command and does whatever s/he wants.

The use of sudo only makes the user think twice before doing something stupid, it does nothing to stop the hacker.

As an aside, is anyone else noticing the large amount of interest in the security of running as root?
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Bruce B

#15 Post by Bruce B »

I read fourteen posts. Unless I wasn't reading well, nobody has mentioned passwords. Puppy allows only 8 characters. So make it a good one :)


SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA

#16 Post by SirDuncan »

Bruce B wrote:nobody has mentioned passwords.
Not in this thread, but it has been mentioned in some of the others. I hadn't realized we were limited to 8 chars though.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#17 Post by Pizzasgood »

oblivious wrote:
"Thus, if one remains vigilant to ensure that nothing has been compromised"
"If someone doesn't keep an eye on the files their non-root user owns to make sure they are clean,"
"so long as you're careful to check that it's non-compromised data (or clean it up if it isn't)"
I am curious as to how these are actually done?
Aye, there's the rub. AV programs are one way. Another would be to make a list of md5sums for any important files that won't be changing often and then check them periodically. Monitoring your cpu, memory, and network usage is another good method. If you have a good idea what those numbers should look like, you can notice when they look wrong.

Also, I like to take a peek at my /var/log/messages file every now and then, especially if I'm running the sshd daemon (which Puppy does not include). If I leave sshd running long enough, I'll inevitably notice logs of brute-force attempts in my messages file. They don't succeed because they spend most of their time using random usernames instead of focusing on root. The chance that they'd ever hack my account seems abysmal, but given enough time they could happen to do it. So I only run sshd when I need it.

A Puppy-specific method would be to monitor the contents of pup_save.2fs (assuming you don't use Full-Install). Since that file only contains any new or changed data, only looking at it would filter out all the stuff that is almost certainly legit. If it contains files that you don't recall installing, they could be compromised. An easy way to check this file is to look in /initrd/pup_rw/ (but don't change anything inside that directory or you'll confuse Puppy).



My probably obscured point writing that post was that those things are just as necessary (or unnecessary) in other distros as in Puppy. To me, being that paranoid is mostly more work than it's worth. Some people think otherwise, and that's fine. But those who do should be consistent. It makes no sense to be paranoid when running as root but not when using a "limited" user, even without sudo (I didn't know sudo was so simple, as I've only used Puppy and Gentoo, and neither have it).
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
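
The periodic checksum check and the look at /initrd/pup_rw/ described in post #17, as an added example that is not from the thread or from Puppy itself: it records a hash baseline for a directory and reports added, changed and removed files on later runs. It uses sha256sum in place of the md5sum the post mentions; the function names, the script name and the baseline location are assumptions.

```shell
#!/bin/sh
# Added example (not Puppy's own tooling). Function names are hypothetical.
# Usage: sh audit.sh /initrd/pup_rw /path/to/baseline.txt
#   /initrd/pup_rw is the directory named in the post; the baseline path
#   is a placeholder you choose yourself.

# snapshot DIR: print "hash  ./relative/path" for every regular file.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare OLD NEW: print "ADDED path", "CHANGED path" or "REMOVED path"
# for each difference between two snapshot files.
compare() {
    awk '
        {
            line = $0
            sub(/^\\/, "", line)      # sha256sum marks escaped names with "\"
            h = substr(line, 1, 64)   # 64 hex digits
            p = substr(line, 67)      # path after the two-character separator
        }
        FILENAME == ARGV[1] { old[p] = h; next }
        {
            seen[p] = 1
            if (!(p in old))      print "ADDED " p
            else if (old[p] != h) print "CHANGED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# audit DIR BASELINE: the first run records the baseline; later runs print
# the differences and return 1 if there are any, 0 if the tree is unchanged.
audit() {
    dir=$1
    base=$2
    if [ ! -f "$base" ]; then
        snapshot "$dir" > "$base"
        echo "baseline recorded: $base"
        return 0
    fi
    now=$(mktemp) || return 2
    snapshot "$dir" > "$now"
    diffs=$(compare "$base" "$now")
    rm -f "$now"
    if [ -z "$diffs" ]; then
        return 0
    fi
    printf '%s\n' "$diffs"
    return 1
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Keep the baseline file outside the tree being checked, ideally on removable or read-only media, because anything running as root can rewrite a baseline stored in the same save file.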

oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#18 Post by oblivious »

Thanks.
"Since that file only contains any new or changed data"
New or changed since your last logon, or since the installation? If the former, are there 2 "tiers" in the pup save file - since installation and since last logon?

Bruce B

Re: Why does Puppy run in root?

#19 Post by Bruce B »

Swarup wrote:I've been using Ubuntu for a year now, and am thinking to slim down to something smaller and faster for my older laptop. Puppy is definitely one of my top choices, but I am wondering why it runs in root? Sounds sort of risky and unnecessary. Is there some benefit to doing it this way?
I'm tempted to post a new topic called, "Why won't Ubuntu let us have a real administrator account?"
  * Other distributions (most major ones) do!
Why?
  * Ubuntu wants to be the Microsoft Windows Vista of Linux?
  * Ubuntu doesn't trust you with your computer?
  * ???

jonyo

Re: Why does Puppy run in root?

#20 Post by jonyo »

Bruce B wrote:
  * Other distributions (most major ones) do!
Why?
  * Ubuntu wants to be the Microsoft Windows Vista of Linux?
  * Ubuntu doesn't trust you with your computer?
  * ???
Might have a read at distrowatch comments. Big time 'buntu hate bashing nonsense going on, led by none other than satan 666.. :shock:

A true linux aficionado ..I suppose

Along with the usual linux vs win, linux shouldn't be like win etc claptrap..

Us vs them, let the chatter begin.. Who needs soap operas when there is Distrowatch..lol

Ahhh.. success breeds hate mongers..no doubt..(just speaking ~ generally here..)

blah blah blah ..switch off..

At any rate, I'm interested in "Why won't Ubuntu let us have a real administrator account?

* Other distributions (most major ones) do!


Why? "
