Viruses in PUPPY Linux, YES, "Viruses in Linux"

For discussions about security.
Message
Author
Bruce B

Re: Reacting to Media?

#61 Post by Bruce B »

Sky Aisling wrote:Bruce wrote:
My rule is try not to interact with the media...
What do you mean, not to interact with the media? What do you mean by the word *media*?
In the context - the media is flash objects. A movie you watch as an example. Maybe an advertisement.

Some videos encourage you to click on a hyperlink embedded in the video. I don't click on those things. This is an example of what I mean by not interacting.

~

User avatar
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#62 Post by RetroTechGuy »

nooby wrote:Thanks Bruce. What user name and password has Puppy?
When are one supposed to set up such for root?
Root has a default password set (as you will see if you open one of the TTYs available, behind your GUI, and try to log in on the that text console...)

Type: <cntl><alt>F1-4 to access those TTYs... F1 is the window, upon which X is launched. F2 and F3 are available console windows. F4 brings you back to the GUI interface.

The default password is "woofwoof". The command "passwd" will let you change it. (this doesn't change that you are already running as root, and automagically logged in, so anything you do has permissions).
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#63 Post by nooby »

Thanks RetroTechGuy ,

now that you remind me then I do recognize the password woofwoof.
and that one get automatically logged in.

Very embarrassingly but I got lost trying to get this part
if you open one of the TTYs available, behind your GUI, and try to log in on the that text console...)
Not your fault I am incredibly dense at times. I've used Puppy daily now since a year or so and have remotely heard the word TTY being mention but never had any motivation to know what it refers to.

When I came from the Country and arrived at our Big City then I saw a TTY at the Tele Museum and then later I even sat at one in the Royal HighSchool HAM RadioClub and wow them are impressive.

TeleTYping?

One guy told us about that he was tele something into his Kindle using Puppy so that maybe is something similar then? One use the computer OS and Console as a tele type terminal and send commands to the other computer over some TTY protocol?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#64 Post by RetroTechGuy »

nooby wrote:Thanks RetroTechGuy ,

now that you remind me then I do recognize the password woofwoof.
and that one get automatically logged in.

Very embarrassingly but I got lost trying to get this part
if you open one of the TTYs available, behind your GUI, and try to log in on the that text console...)
Not your fault I am incredibly dense at times. I've used Puppy daily now since a year or so and have remotely heard the word TTY being mention but never had any motivation to know what it refers to.
Well, in Linux, it's among your "devices": tty0, tty1, tty2...

They are basic (nongraphical) console windows. Your first tty window has X running from it, and you have 2 more that are "unused" (and you can switch to those, log in, run "top" or "ps xua" to identify troublesome processes, and kill them from the command line).

When you crash out of X, you end up on a command-line console window -- and from there, can type "poweroff" to completely shut down. Or from this window, you can restart X via "xinit" (and I believe that a couple other commands are synonymous).
When I came from the Country and arrived at our Big City then I saw a TTY at the Tele Museum and then later I even sat at one in the Royal HighSchool HAM RadioClub and wow them are impressive.

TeleTYping?
Basically,...Yup...

http://www.linusakesson.net/programming/tty/index.php
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]

User avatar
The Fly Roper
Posts: 4
Joined: Thu 21 Apr 2011, 02:59

#65 Post by The Fly Roper »

Hi everyone. Longtime reader. Love puppy madly.

So here's my thought, which, in spite of the fact that these threads come up at least once a month, isn't brought up enough.

So puppy runs as root. Let's think about the worst case scenario for root user being compromised in puppy, which is (in its current design) a single-user, home system.

You go to a site that attaches malware to puppy. It's a morphing virus that's difficult to track, since the code changes every time it propagates. It attaches to the kernel, which is on most systems the most desirable target.

Puppy user turns off computer. Kernel disappears. Poof.

Puppy user turns on computer. Kernel is brand new, in perfect state from boot disc. So are most of the system files, since they also live on the boot disc.

Puppy lives in a sandbox. Now although, since, while running as root, an attacker could theoretically open any disc drive attached to the device, they might be able to open some drives. Still, turn it off and turn it on, and you've just outwitted the attacker.

A static configuration, such as the one on the puppy disc, solves SO MANY security problems. On a system where all your system files are permanently on the hard drive, running as root means you would either 1) have to find the attacked, modified file, or 2) reinstall the whole system from the ground up and hope the attacker wasn't lurking in your data drives (which I sure hope you put on separate partitions!)

Now, none of these attacks are easy, or particularly likely, ESPECIALLY if you're browsing sensibly. I proposed attacking the kernel because it's one of the few things every subspecies of linux has in common. But let's presume, for the sake of argument, that somebody actually did compromise system files. Now, if you're running a save file, they've attached to a file that you're saving there.

OMG!!!!1!!!1111 You've lost, at most, 1.25 Gigs of stuff! And you almost certainly will know what is important on your save file. Just pull the stuff you care about off of it, create a new save file, and 'shred -u' the last one. Boom, virus gone, completely new OS, and you've lost, what, half an hour?

Now, I'm not saying this is a suitable system for fully automated servers. That's a completely different story. But for a single user system, from a recoverability perspective Puppy is hard to beat. Add the speed and usability that are both priorities of the excellent dev team and you've got a real winner of a system.

Bruce B

#66 Post by Bruce B »

Who knows where the kernel even is?

I simply installed Puppy in typical Frugal install. I left the name as vmlinuz, but I could have renamed it.

Even on a typical Frugal install, it is hard to speculate the name of the directory the user made.

Also there is a way to make it unchangeable to the extent even root can't delete or modify it.

~

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#67 Post by nooby »

Crazy idea.

What if one rename the needed lupu525.sfs to a password?
And the dir to another password. That way the criminals would have no way to get where them are? Unless whoami reveals such maybe?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#68 Post by Sky Aisling »

nooby Writes:
What if one rename the needed lupu525.sfs to a password?
And the dir to another password. That way the criminals would have no way to get where them are?
Good Thinking, nooby.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#69 Post by Sky Aisling »

In the context of this discussion...

Is a Frugal Install 'safer' than a Full Install?
If so, why?

I, like The Fly Roper, prefer using a Live CD, however, there are times that installation to HDD is preferred.

User avatar
The Fly Roper
Posts: 4
Joined: Thu 21 Apr 2011, 02:59

#70 Post by The Fly Roper »

well, on a frugal install you could make a hash using the sha*sum programs (sha1sum, sha256sum, sha512sum), store that in a secure, offline location, and calculate the sum again on bootup. In fact, that wouldn't be a tough feature to add to puppy in general. If those sums work out, you can be absolutely certain that the files you're running against have not been modified. You might want to do many rounds, though. Like 5000 or so.

Post Reply