Why I don't like running as root (in Puppy)
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7082
Location: Perth, Western Australia

PostPosted: Fri 06 Jan 2006, 10:20    Post subject:  

Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
jmarsden


Joined: 31 Dec 2005
Posts: 263
Location: California, USA

PostPosted: Fri 06 Jan 2006, 18:19    Post subject:  

This post is probably overkill, but:
BarryK wrote:
Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick
Code:
# netstat -nl --inet
on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to
Code:
# netstat -na -f inet
but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan
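
An added example, not part of jmarsden's post: a shell filter for the point above that `netstat -na` output mixes established connections with listeners. The function name `list_listeners`, the `exposed`/`loopback` labels and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -na` output. It mixes the Linux address
# style (addr:port) with the BSD style (addr.port) to exercise both.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51514      203.0.113.7:80          ESTABLISHED
tcp        0      0 *.22                    *.*                     LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# list_listeners: read netstat output on stdin and print one line per
# listening socket as "proto port scope". Scope is "loopback" when the
# socket is bound to a local-only address, otherwise "exposed", meaning
# other hosts can reach it and it is a candidate for firewalling.
list_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a state column: keep LISTEN, drop the rest.
        if ($1 ~ /^tcp/ && $NF != "LISTEN") next
        # UDP has no state: an unconnected socket shows a wildcard peer.
        if ($1 ~ /^udp/ && $5 !~ /[:.]\*$/) next
        addr = $4
        # The port follows the last ":" (Linux) or "." (BSD).
        n = match(addr, /[:.][0-9]+$/)
        if (n == 0) next
        port = substr(addr, n + 1)
        host = substr(addr, 1, n - 1)
        scope = (host ~ /^(127\.|::1$|localhost)/) ? "loopback" : "exposed"
        print $1, port, scope
    }'
}

# Real use: netstat -na | list_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | list_listeners
```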
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Fri 06 Jan 2006, 22:32    Post subject:  

i don't think a router or modem should have a telnet port open either

the thing is, a router or modem is usually a little computer, with a cpu and ram and flash memory instead of a hard drive ... or it might have a hard drive ... so it is potentially as vulnerable as a computer is ... if a cracker can hack into your router, he can potentially gain full access to all the machines on your network

though why a router/modem would be running a web server or ftp server i don't know ... that is why i wondered if it was another computer on your network with the open ports

my grc test results

i don't really care about "stealth" ... closed ports are good enough for me ... though i have noticed that when you run completely "stealthed", there does seem to be a little less traffic trying to worm into your system
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Fri 06 Jan 2006, 22:38    Post subject:  

by the way, the forum seems to imply that i started this thread Why I like running as root (in Puppy)

i did not ... i do not like running as root at all

the reason my name is attached to the thread is because the thread was moved, and it probably used my name because i was the last one that posted to the thread before it was moved
jmarsden


Joined: 31 Dec 2005
Posts: 263
Location: California, USA

PostPosted: Wed 11 Jan 2006, 16:13    Post subject:  

GuestToo wrote:
though why a router/modem would be running a web server or ftp server i don't know ...

Well, most consumer routers use a web server to provide their easy-to-use administration interface. By default they only serve web pages on their internal (LAN) interface, but often you can enable the web service (either http or https or both) on the external (WAN) side too if you so choose. It does sound as though this particular router may not be configured optimally, and I'd definitely encourage BarryK to let his friend know of this, and (if necessary) suggest that his friend seeks help in getting it more securely configured.

Jonathan
muskrat

Joined: 03 Jul 2005
Posts: 24
Location: Gulf Coast TX-MX

PostPosted: Tue 17 Jan 2006, 11:23    Post subject:  

Ok I see your logic, and agree somewhat to what you're saying about root not being any worse danger than a normal user. Except for some programs such as Xchat.

In Windows you can issue a command in chat and crash all windows systems on that channel. Now if I'm running root, is it possible to run commands that will affect me as Root reading these bits of script with a chat program?

As you said, your personal data is what's important, because Puppy is protected on CD, but let's say I get compromised, just for argument's sake. Is my pup001 file then contaminated?

_________________
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11154
Location: Arizona USA

PostPosted: Tue 17 Jan 2006, 13:28    Post subject:  

muskrat wrote:
... let's say I get compromised, just for argument's sake. Is my pup001 file then contaminated?

If you are running Puppy from the live CD, the hard drive is the only thing that could be contaminated. Probably the contamination would be limited to the pup001 file but as far as I can see there is nothing stopping Puppy from writing to the hard drive outside the pup001 file. In that case it would most likely just screw up your hard drive rather than install a rootkit or something like that, which would require the attacker to have intimate knowledge of your OS and configuration. I think.

It seems to me that the best solution is to back up your pup001 file, or at least the bits that are important to you, in an isolated repository on a regular schedule. And always wear your mittens.
muskrat

Joined: 03 Jul 2005
Posts: 24
Location: Gulf Coast TX-MX

PostPosted: Tue 17 Jan 2006, 21:14    Post subject:  

Ok, here's the humdinger then, my pup002 file is in the home directory/partition of a dual install of slackware and debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?
_________________
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Tue 17 Jan 2006, 22:21    Post subject:  

a rootkit would allow people to connect to your operating system as user "root", which would enable them to do anything that you can do (look at any of your files, delete files, change files, reconfigure anything, install programs, install keyloggers, install password sniffers, download, upload, surf to web sites, etc etc) ... they would probably be doing this from a text console, but it's also possible for them to see what you are seeing on the screen

a rootkit not only sets up your system so they can connect to it, it changes some of the system files so you don't notice anyone is connected ... it might change ls so you don't see the rootkit files, it might change md5sum so you don't know that certain files have been changed, ps and top so you don't see the rootkit programs running, ifconfig and netstat so you don't see that they are connected to you ... etc etc

one advantage to running Puppy, is that any changes to /bin, /sbin, /lib will be gone when you reboot ... and any changes to /usr will be visible if you look in /root/.usr (unless you have an option 2 install, in which case, you don't have most of the advantages of running Puppy anyway)

if you have a rootkit, anyone can use your operating system to mount/unmount any drives they like, snoop in them, install rootkits on those drives if they like
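
An added example, not part of GuestToo's post: because a replaced `netstat` can omit a listener, this shell function reads the kernel's own socket table (`/proc/net/tcp` format) and prints listening ports that the tool did not report. The function names and the sample table are constructed; it assumes a Linux `/proc` and covers IPv4 TCP only.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp format. Addresses and ports are hex;
# state 0A is LISTEN and 01 is ESTABLISHED.
SAMPLE_PROC_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A01A8C0:C93A 077100CB:0050 01 00000000:00000000 00:00000000 00000000     0        0 1004 1'

# proc_listen_ports: read a /proc/net/tcp table on stdin and print the
# decimal port of every socket in LISTEN state, sorted and de-duplicated.
proc_listen_ports() {
    awk '
    function hex2dec(h,    i, v) {
        v = 0; h = toupper(h)
        for (i = 1; i <= length(h); i++)
            v = v * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return v
    }
    $4 == "0A" { split($2, a, ":"); print hex2dec(a[2]) }
    ' | sort -n -u
}

# unreported_listeners PORT...: the arguments are the ports the userland
# tool reported; stdin is the kernel table. Prints every listening port
# the kernel knows about that the tool left out.
# Limits: this only catches a tampered user-space binary. A kernel-level
# rootkit can filter /proc as well, and IPv6 listeners are in /proc/net/tcp6.
unreported_listeners() {
    reported=" $* "
    for p in $(proc_listen_ports); do
        case "$reported" in
            *" $p "*) ;;          # the tool showed this port
            *) echo "$p" ;;       # in the kernel table, missing from the tool
        esac
    done
}

# Real use: unreported_listeners 23 631 < /proc/net/tcp
# where 23 and 631 stand for the ports your netstat listed.
printf '%s\n' "$SAMPLE_PROC_TCP" | unreported_listeners 23 631
```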
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11154
Location: Arizona USA

PostPosted: Tue 17 Jan 2006, 23:48    Post subject:  

muskrat wrote:
Ok, here's the humdinger then, my pup002 file is in the home directory/partition of a dual install of slackware and debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?

I only run puppy from the live CD. I have a dual-boot computer with Windows 2000(NTFS)/Mandrake Linux(ext3) on the hard drive. The Puppy live CD sees the Mandrake ext3 Home partition and puts the pupxxx file there. As far as I can tell, Puppy has never written anything anywhere else to the hard drive except the pup001 file. The "Only Possible Screwup" that I can see is if you try to enlarge the pup001 file when there's not enough room in the partition. For all I know, even that possibility is accounted for. I've enlarged my pup001 file to about 2 GB with no problems.
muskrat

Joined: 03 Jul 2005
Posts: 24
Location: Gulf Coast TX-MX

PostPosted: Wed 18 Jan 2006, 00:51    Post subject:  

So I guess in all reality it's not a good idea to run Puppy as root with a drive you value, that has another linux installation on it. It could be compromised along with puppy. Even though puppy reboots and all is well your native linux might not be.

Is there any way to convert puppy to using a normal user, and su to do root, just like a native install of linux?

Or an afterthought, could I remove the root and boot partitions from my Puppy fstab file? Would that help in making them unseen/inaccessible? Kind of out of sight out of mind.

I like puppy and would like to experiment some more with it. But really don't like the idea of root kits getting placed in my native installations.

_________________
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Wed 18 Jan 2006, 03:33    Post subject:  

Quote:
It could be compromised along with puppy

well, the potential is there

you can run X as user "spot" ... it isn't hard to do, though there are problems, like permissions, and mounting/unmounting and accessing drives, etc etc

running as spot would not prevent someone logging onto your system as root ... if he could do it when you run as root, he can do it when you run as spot

Quote:
really don't like the idea of root kits getting placed in my native installations

it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy

i run Puppy most of the time, and i don't feel really unsafe
muskrat

Joined: 03 Jul 2005
Posts: 24
Location: Gulf Coast TX-MX

PostPosted: Wed 18 Jan 2006, 13:00    Post subject:  

I'm not paranoid, I just believe internet security is up to each individual. It's also an ongoing campaign.

Quote:
it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy


Maybe somebody ought to build a hardened version of Puppy, especially since it runs as root all the time. Since I'm running just a desktop with no local network, I don't believe I'm much of an attraction for hackers. But like you said no computer is hack proof, some are just harder than others.

I've also found the harder your system is the more difficult it is to use. Puppy is easy to use because it doesn't restrict the user; he can mount, unmount, change system config files and any other items normally only root is allowed to do.

To be totally honest, since I've gone to linux 100% for my personal use I've relaxed somewhat about security. My wife still uses windoze, and it's a never-ending battle keeping out intruders. Even with firewalls and a wadful of anti-software, they still get in and trash the system every couple of months or so.

_________________
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 18 Jan 2006, 13:47    Post subject:  

muskrat wrote:

To be totally honest, since I've gone to linux 100% for my personal use I've relaxed somewhat about security. My wife still uses windoze, and it's a never-ending battle keeping out intruders. Even with firewalls and a wadful of anti-software, they still get in and trash the system every couple of months or so.


Very interesting what you say Steve,

I too have relaxed. I had to be so vigilant (I did not use a virus protection package in Windoesn't - just care). Virus protection in my view is more of a menace than most viruses I have encountered. However key loggers and trojans and phishers and all sorts are rife on Windows - it is the main reason I changed - I was losing the battle.

Running from CD is so hot! (or is that cool) - Programs are safe. What about the data?
I get my data onto the web as soon as possible - let some server with BSD and all sorts, protect my data. All my secret data (mostly secret fish sauce recipes) is probably of little interest - though Tux has expressed an interest . . . he likes fish too . . .

_________________
Puppy WIKI
ezeze5000


Joined: 10 May 2005
Posts: 346
Location: Missouri U.S.A

PostPosted: Wed 18 Jan 2006, 18:04    Post subject:  

jmarsden wrote:
This post is probably overkill, but:
BarryK wrote:
Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick
Code:
# netstat -nl --inet
on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to
Code:
# netstat -na -f inet
but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan


I tried this code on my puppy:

Code:
# netstat -na -f inet

But it worked better this way:

Code:
# netstat -na -F inet

I got a good readout with this.

am I correct?