Thank you for your insight; I certainly was unaware of those possibilities. But I think we have gotten off the path here: This is not about how I can force Puppy to work securely, but is instead about making Puppy "just work" securely, by default, for ordinary users. Currently, the default Puppy LiveDVD form mostly does things right, with a few remaining security issues, but many computers do not have DVD-writer drives.

rcrsn51 wrote: By adding "pfix=ram" to my syslinux.cfg file. That's something else that you can test.

RandSec wrote: But OK, now how do you know that malware has not given you a malware save file? Presumably this flash is booting on a Windows machine with a hard drive, so how do you know?
Or I could simply check the contents of the flash drive from Windows before booting it. But now we are into tin-foil hat territory.
Sadly, the default Puppy USB flash-boot form has a variety of security issues, mostly associated with having an easily-writable boot store. (Similar issues exist with external hard drives.) Fortunately, USB drives can be given decent security by being unplugged at an appropriate time as a physical write-protect. While even that simple property may require some Puppy redesign, the existing LiveDVD form already provides an excellent model to follow. (With current equipment I expect it would be IMPOSSIBLE to provide a secure internal hard-drive boot, no matter how much redesign or add-on security is provided.)
It may be possible to cover some flash-boot issues with careful user-interaction, but the suggested software processes probably would not be practical for me, let alone ordinary users. Browser and add-on updates, in particular, would be far more complex than the simple Save button currently used by the LiveDVD. "It just works securely" should be an appropriate user expectation, even with USB flash drives.