The Official Release of Lucid 5.25 (Lucid Five Twenty-Five)

A home for all kinds of Puppy related projects
Message
Author
User avatar
myke
Posts: 102
Joined: Tue 15 Mar 2011, 16:20
Location: Québec

#1501 Post by myke »

Re "bad steak", a good critic (at least the ones I respect) will either say the restaurant bought poor quality meat, the cook overcooked it, or the spicing was inappropriate and state what must be done in detail to correct it, etc.

So, criticizing the security of Puppy without delineating the steps required in concrete detail to upgrade puppy without degrading performance is the real challenge. Whining about security is not.

I repeat what I said before: come up with a security-enhanced puppy w/o degraded performance and we will all d/l and try it out. That I promise you. If you can't do it yourself, then volunteer to assist a dev. I believe Jemimah is a sys admin, who must deal with security issues on an ongoing basis; why don you PM her?

myke
AA1 D255E-keucr slacko 5.3;luci;mijnpup; tw-os; with:Emacs,gawk,noteboxmismanager,treesheets, freeplane, libreoffice, tkoutline, Sigil, calibre, calendar. magic&Noteliner(wine), kamas (DOS)

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1502 Post by RandSec »

wuwei wrote:Luluc wrote:
PROVE what you're saying. If you can't do it yourself, fine, just point us to any page that describes the necessary steps to achieve this kind of magic of which you speak so often. Is that asking too much? Just prove it, dammit!
+1

Yes, pleeeeaaaase. One concrete example. ONE only!
-2

Examples of weakness are the PROVEN WRONG approach to security. To have even one is to realize that the system really was weak, after all, even when it was considered strong. But finding a weakness and patching that will not create security. In practice, all large, complex systems will always have exploitable errors or flaws, no matter how much patching is done.

To attain security, it is necessary to work in ways which PROVABLY PREVENT insecurity. My approach has been to prevent "infection": the ability of maware to get itself restarted on subsequent sessions. Infection is the largest danger, because an infected system may run a hidden bot for hundreds of sessions. Systems which flush malware and start out clean on each session may run malware, but only if and when acquired, and then only for half a session, on average.

To the extent that anything is ever new, this is a new and original approach to security. Puppy supports this, and nothing else does (as far as I know). It seems a shame for Puppy to not recognize its strengths and build upon them.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1503 Post by nooby »

That would work for non-writeable CD and such DVD? But only on USB and HDD if them could be set to nonwriteable or how else to do it?
I use Google Search on Puppy Forum
not an ideal solution though

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1504 Post by RandSec »

myke wrote:Re "bad steak", a good critic (at least the ones I respect) will either say the restaurant bought poor quality meat, the cook overcooked it, or the spicing was inappropriate and state what must be done in detail to correct it, etc.

So, criticizing the security of Puppy without delineating the steps required in concrete detail to upgrade puppy without degrading performance is the real challenge. Whining about security is not.
"Whining" about a bad steak is how we avoid going back for the same thing again. It is unnecessary to analyze how it was bad or who caused it, because what matters is the going back.

I have presented security issues in more than enough detail to consider for implementation. For me to propose solution code would involve me knowing more than I do, or ever will. Sufficient information has been presented for the designers to use, or not.
I repeat what I said before: come up with a security-enhanced puppy w/o degraded performance and we will all d/l and try it out. That I promise you. If you can't do it yourself, then volunteer to assist a dev. I believe Jemimah is a sys admin, who must deal with security issues on an ongoing basis; why don you PM her?

myke
Improving security almost always involves some cost. Having a door means it must be opened, instead of just walking through. Having a lock means fumbling for the key. Having a firewall means that firewall code must run, instead of just accepting everything. Using a LiveDVD may be somewhat inconvenient, but as a path to security that inconvenience can pay off.

We have what we have, and Puppy is what it is, because current designers allowed that to happen. They were satisfied; I am not. Just finding a designer to talk to is not going to solve that problem.

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1505 Post by RandSec »

nooby wrote:That would work for non-writeable CD and such DVD? But only on USB and HDD if them could be set to nonwriteable or how else to do it?
Most of the optical media we would use are in fact writable, although the writing process is both longer and more visible than a hard drive or even flash drive write. I assume that malware cannot write to my DVD+RW disc without that becoming apparent. But we could certainly remove the boot DVD immediately after booting, thus PROVABLY eliminating new infection as long as the computer was not yet online (or getting an infected USB drive plugged in). So we need an option for Puppy to not immediately connect online.

Our current computer systems are designed with an inherent lack of hardware to prevent malware from changing boot code and data. Fortunately, good security is largely already available in a LiveDVD approach. Unfortunately, many modern computers do not have a DVD drive, which in any case will be slow and, in my experience, error-prone. Still, one alternative is to use an external DVD-writer (provided the computer would boot from it), ideally with no hard drive at all.

When we do a LiveDVD boot with a hard drive present, such as an existing Windows drive, we have to consider the security consequences of malware creating or infecting a Puppy save file. That could be avoided with a configuration where Puppy would not search for or read that file. That should actually improve startup performance.

In non-LiveDVD systems, what counts is hardware "air gap" or "power off" security. To achieve that, we can boot from an external USB hard drive or flash drive--provided we can remove that USB plug prior to any risky operation. We need to allow a careful manual update from well-trusted sites, a manual save, and then removal of the USB connector, thus isolating the USB drive.

When I boot from flash, Puppy says that flash must not be removed. Even worse, it writes to the flash periodically. How could anyone imagine that would protect against malware infection? I have also acquired and used a flash with write-protect, which then becomes insecure forever after as soon as writing is enabled for browser updates. So for a secure HDD or flash boot, I think we are forced into waiting for changes to the Puppy design.

We need to be able to remove the flash once the system has been loaded into RAM and is running. We know that can be done, because the LiveDVD system can do it. We can remove the DVD after boot, to play a music CD, or to write a new .ISO. So gaining the ability to unplug the boot drive is not an unreasonable request. But unless and until Puppy changes, I cannot see a way for a USB flash boot drive to be both secure and offer practical support for browser security updates.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#1506 Post by rcrsn51 »

RandSec wrote: But unless and until Puppy changes, I cannot see a way for a USB flash boot drive to be both secure and offer practical support for browser security updates.
Keep the latest version of your browser on the flash drive as a PET. That's easy to do with Firefox. Boot off the flash drive with NO savefile. Mount the flash drive and install the PET. Unmount and remove the flash drive.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1507 Post by nooby »

Seaside described him first making a pupsave with his personal preferences and then making an .sfs file out of it that is not writeable too.

Would not that allow us to make a more save version of puppy?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
pemasu
Posts: 5474
Joined: Wed 08 Jul 2009, 12:26
Location: Finland

#1508 Post by pemasu »

Hmm, to secure the puppy first we should close all the backdoors which are build in puppies.

http://murga-linux.com/puppy/viewtopic.php?t=37317


Easter bunny told me so.......

User avatar
MinHundHettePerro
Posts: 852
Joined: Thu 05 Feb 2009, 22:22
Location: SE

#1509 Post by MinHundHettePerro »

Playdayz, my apologies for taking part in the derailment of your thread :oops:. Forgive me for my noobish post.

RandSec, maybe, just maybe, Puppy might not be the ultimate security tool that you pursue, root and all. Perhaps, one of the the following distributions would offer some enhanced security against the malware you're fighting off so vigorously:
*. Incognito Live System
The (Amnesic) Incognito Live System is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace.

*. NetSecL
NetSecL is a security-focused distribution and live DVD based on openSUSE (starting from version 3.0, previous versions were based on Slackware Linux). To improve the security aspect of the distribution, servers have been removed, incoming ports closed and services turned off. Additionally, several penetration tools have been included.

*. Network Security Toolkit
Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools. What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.

*. OpenBSD
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set.
Or, perhaps, one of these live derivatives of OpenBSD - ran quite well on my ageing gear when I last tried them:
*. FuguIta
FuguIta is an OpenBSD live CD featuring portable workplace, low hardware requirements, additional software, and partial support for Japanese. This live CD is intended to be as close as possible to the default OpenBSD when installed on a hard disk.

*. GNOBSD
GNOBSD is an OpenBSD-based live DVD which boots into a GNOME desktop and which includes a graphical system installer (written in Ruby) for transferring the system to a hard disk or a USB storage device. The system includes some popular desktop applications, such as Mozilla Firefox and MPlayer.
hth :), and again, sorry for the derailment, Playdayz :oops:/ MHHP
[color=green]Celeron 2.8 GHz, 1 GB, i82845, many ptns, modes 12, 13
Dual Xeon 3.2 GHz, 1 GB, nvidia quadro nvs 285[/color]
Slackos & 214X, ... and Q6xx
[color=darkred]Nämen, vaf....[/color] [color=green]ln -s /dev/null MHHP[/color]

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1510 Post by RandSec »

rcrsn51 wrote:
RandSec wrote: But unless and until Puppy changes, I cannot see a way for a USB flash boot drive to be both secure and offer practical support for browser security updates.
Keep the latest version of your browser on the flash drive as a PET. That's easy to do with Firefox. Boot off the flash drive with NO savefile. Mount the flash drive and install the PET. Unmount and remove the flash drive.
Does that work? Have you tried it?

While I have various questions about making Firefox plus add-ons a .PET, and then updating those and making a new .PET, that is not the problem. Nor is my understanding that Puppy looks for a save file, whether created by user or malware. Nor is the idea that the booted system goes online immediately and by default with no firewall. No, the real problem is not being allowed to remove the boot drive after boot:

As of my repeated experience with flash-drive Puppy as of about 2 months ago, Puppy insists that the boot drive NOT be unmounted and removed. As far as I know, using normal desktop operations, Puppy simply DOES NOT ALLOW unmounting the boot drive, which is the basis for most of this problem. If that has changed so one can boot from flash then unmount it, I would be glad to know.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#1511 Post by rcrsn51 »

RandSec wrote:Does that work? Have you tried it?
Yes and yes.
As of my repeated experience with flash-drive Puppy as of about 2 months ago, Puppy insists that the boot drive NOT be unmounted and removed. As far as I know, using normal desktop operations, Puppy simply DOES NOT ALLOW unmounting the boot drive, which is the basis for most of this problem. If that has changed so one can boot from flash then unmount it, I would be glad to know.
You only see the message about not removing the flash drive if Puppy loads a savefile. If you start without one, the flash drive is not mounted and there is no problem removing it. At little testing on your part will confirm this.

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1512 Post by RandSec »

nooby wrote:Seaside described him first making a pupsave with his personal preferences and then making an .sfs file out of it that is not writeable too.

Would not that allow us to make a more save version of puppy?
First of all, we cannot trust software write-protect permissions to prevent malware from writing after malware has subverted the OS.

It is possible to hardware write-protect a Puppy boot flash. The problem then becomes updates. In my case, I found I was lacking the self-control needed to do the update process: turn write-enable ON, boot, browse, update, close browser, shutdown and power off, turn write-enable OFF. I would usually get distracted, and by the time I realized my error I had wandered far off the reservation. But since the flash had been updating in real time, it was impossible to go back. This is a completely different situation from the desktop Save button, where one can realize that one has gone too far, and then NOT DO THE SAVE. Automatic real-time flash updates remove that option. So then the flash is insecure, with the only cure being to re-install Puppy on the flash, all over again.

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1513 Post by RandSec »

rcrsn51 wrote:
RandSec wrote:Does that work? Have you tried it?
Yes and yes.
As of my repeated experience with flash-drive Puppy as of about 2 months ago, Puppy insists that the boot drive NOT be unmounted and removed. As far as I know, using normal desktop operations, Puppy simply DOES NOT ALLOW unmounting the boot drive, which is the basis for most of this problem. If that has changed so one can boot from flash then unmount it, I would be glad to know.
You only see the message about not removing the flash drive if Puppy loads a savefile. If you start without one, the flash drive is not mounted and there is no problem removing it. At little testing on your part will confirm this.
That does sound a little snide, considering I have indeed done testing, and if leaving the save file out is the trick, it really is a trick.

But OK, now how do you know that malware has not given you a malware save file? Presumably this flash is booting on a Windows machine with a hard drive, so how do you know?

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1514 Post by RandSec »

MinHundHettePerro wrote:Playdayz, my apologies for taking part in the derailment of your thread :oops:. Forgive me for my noobish post.

RandSec, maybe, just maybe, Puppy might not be the ultimate security tool that you pursue, root and all. Perhaps, one of the the following distributions would offer some enhanced security against the malware you're fighting off so vigorously:
hth :), and again, sorry for the derailment, Playdayz :oops:/ MHHP
My goal is to see Puppy improve to the point where I could recommend it for serous use in online banking. Personally, I have a wide range of options. In contrast, Puppy has a unique market opportunity which will not last and will not come again.

User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#1515 Post by 666philb »

in puppy's menu/utilility/gtkhash

hash your files... and check them if you wish
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#1516 Post by rcrsn51 »

RandSec wrote:But OK, now how do you know that malware has not given you a malware save file? Presumably this flash is booting on a Windows machine with a hard drive, so how do you know?
By adding "pfix=ram" to my syslinux.cfg file. That's something else that you can test.

Or I could simply check the contents of the flash drive from Windows before booting it. But now we are into tin-foil hat territory.

User avatar
sszindian
Posts: 807
Joined: Sun 25 Apr 2010, 02:14
Location: Pennsylvania U.S.

Some more knowledge

#1517 Post by sszindian »

Just as a thought about virus, maleware, trojan horses etc... the article at this website is a bit old however... its topic is:

How to write a virus for Linux in 5 easy steps...

Certainly interesting reading!!!!

http://www.geekzone.co.nz/foobar/6229

>>>---Indian------>

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1518 Post by nooby »

rcrsn51 wrote:
RandSec wrote:But OK, now how do you know that malware has not given you a malware save file? Presumably this flash is booting on a Windows machine with a hard drive, so how do you know?
By adding "pfix=ram" to my syslinux.cfg file. That's something else that you can test.

Or I could simply check the contents of the flash drive from Windows before booting it. But now we are into tin-foil hat territory.
Rcrsn51 could I ask this:
What about us who are on frugal install on HDD and have grub4dos instead of USB syslinux booting?

And if one make the pupsave.3fs into a zl525332.sfs file instead does that help?
I use Google Search on Puppy Forum
not an ideal solution though

radky
Posts: 977
Joined: Mon 03 May 2010, 03:13

#1519 Post by radky »

Attachments
PS-1.png
(31.32 KiB) Downloaded 1745 times

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#1520 Post by playdayz »

PupSnap 1.6 to Lupu PPM

Quickpet -> More Pets -> Update Lupu PPM

-----------------------------------------------------------

In a few days or a week, I will look through this thread since the release of Lucid 5.2.5 and see if there are enough fixes or enhancements to make an Instant Update. The ffconvert front-end seems like a good thing to include.

Post Reply