LightweightPortableSecurity vs Puppy - Puppy wins

For discussions about security.
Message
Author
User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#21 Post by Lobster »

Lobster,

Puppy's primary security weakness is its unrestricted and unpoliced repositories structure. Anything can be built into a puppy, a pet or a puppy sfs. Users installing and using install and use what is in the package.
My policy of diving behind the sofa in a tin hat is not going to do it? :wink:

Would (for example) spup being built from Slackware binaries and only providing binaries from Slackware in PPM be potentially more 'policed?
Same question for a dpup?
Puppy's second security weakness is the woof build system, because it provides a seemingly secure collection of system programs for all puplet builders to download and install. As with the unrestricted and unpoliced repositories, the woof system is potentially insecure, for being potentially, intentionally, misguidedly, "for security", or accidentally infected with malware, spyware, etc.
Would that mean that systems such as TXZpup of Fatdog (outside of Woof) would be more secure or again trust in the developer is required?
The problem for me is knowledge. I believe the most likely compromises are already in the the Linux kernel or in major browsers. Perhaps in combination.
However I do not know and must rely on part time grayhats to point out where these are and how to circumnavigate them.

It would seem that a government sponsored 'secure system' is more of a target (because of the potential users)?
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

gcmartin

Security in Puppy not LPS security

#22 Post by gcmartin »

On the reference to Slackware and Debs, I think what Clam01 is sharing is that a PET/SFS could be built into the Puppy REPO stack which modifies a program/subsystem for some misuse.

This in essence takes a secure app and tailors it for some PET/SFS author's misuse.

This is along the same lines on this thread
Hope this helps.

User avatar
Turpin
Posts: 120
Joined: Wed 16 May 2007, 08:07

#23 Post by Turpin »

How much do you trust its security?
How much do you trust your government?

Bligh
Posts: 480
Joined: Sun 08 Jan 2006, 11:05
Location: California

#24 Post by Bligh »

I have run the basic version, I liked that it booted unattended to the desktop and connected to the net vie comcast digital. With the exception of the agreement. As someone else said, I am somewhat wary, I would prefer a Puppy like this. It appears to work well for it;s intended application. For me, I can just remove the internal hdd and run Puppy live. It would appear that it would be fairly easy to do this with Puppy for someone that knows how to do this. I haven't tried to save files to flash drive to see if that works.
Cheers

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#25 Post by CLAM01 »

Lobster,

I think woof and all puppy repos, are as secure as slackware or deb or any other reputable distro repos. In all cases the people who take linux packages apart and check through them are an important part of the security. The people who poke and prod and try things to see if they can make a hole or find a way to wiggle through are, too. A group of puppy code security enthusiasts doing those things with the packages in puppies and in woof would be good for woof and puppy security. I imagine diffing deb and slack and puppy packages between each other would eliminate the common parts, which could be assumed either not infected or all infected. Then the distro specific could be eliminated and only the remaining would need inspection.

The puppy community's problem with security in puppy is that it doesn't take it seriously. Puppy is, in itself, secure enough the community hasn't had to. It is mostly the potential, which is always there, which has to be watched out for. And developments that make things that once did not matter matter. For example, an event logger that locates and identifies files on a computer out in the net. With patent law changed to allow filers to claim patent, having files in computers identifiable elsewhere becomes potentially troublesome.

Salting bits into program parts is potentially not difficult. Developers when they are developing are focused to what they are developing. When they need something, a lib or other dependency, they grab it from where they can and add it, looking to see if it will make their program work. This makes dependencies a place to slip extra bits in. Not called and not interfering, the developer would not notice the added baggage.

Auto-updating mechanisms are dangerous. There has been a surge to make OSs auto-updating. Most browsers, too, are today auto-updating. Malware, spyware and so forth, if it can manipulate an auto-updating feature can install itself. I suspect some of the recent rapid version advancing by Firefox, for example, with equally rapid abandonment of older versions has been to patch vulnerabilities opened by auto-updating advances.

I prefer puppies to not auto-update. They traditionally did not because the main sfs file has to be 'unsquashed' to open it to add or change its contents, then has to be re-squashed. I consider puppies' resistances to sfs updating a key security feature. Auto-updating is currently popular and considered a 'modern' feature, so making puppy main sfs files updatable is being, or has been, worked on (I think tazOC succeeded in making lighthouse auto-updatable, to some extent, but I don't know if his auto-updating was of the sfs files or the pup-save).

I make md5 files for my pup sfs and put them in the folders with them so I can check for continuing sfs integrity periodically. So far I haven't found any changed, but I keep checking.

How far we can trust anything that is 'government sponsored' is a good question. Nowadays, when public servant integrity is justifiably discountable to somewhere below what a Wall Street rating agency would classify ZZZ-minus, if those agencies could be trusted to rate accurately the answer is generally not far. But it depends. For agencies with police powers and political and power agendas, such as "Homeland Security", the FBI, the CIA, any policing agency spying division, the answer is necessarily do not trust. I can't think of any law enforcement agency anywhere today that can be said to have any integrity. Today, even a person with absolute personal integrity, on joining with a policing agency will lose his integrity. Acting with integrity he will surprise people and be classified a misfit. This is unfortunate, but is the case.

The LPS OS of the Air Force, however, because its makers' purpose was to make themselves a secure environment, for their own and any other government users' use, to protect against penetration efforts from in or out of government, can probably be trusted. It appears they built the OS for real individual user security. For this I am pretty sure the files used to build and in the repositories have all been vetted for unwanted inclusions. That the OS was built not to spy but to protect from spying makes the difference.

The same OS, offered on an FBI website, I would assume to be spyware and would not touch it, even if I only used my computer on the internet to post a church bulletin: I have encountered computers used only that way, that had been botted and set up to be remote porn servers, and I have seen no signs yet of any policing agency, or any prosecutor's office, being interested to recognize victims of exploitations not criminals when there is an easy nab and a sure win, especially if there is name-in-the-papers potential, too ("Church Director Running Porn Server From Rectory"). I have also never seen a computer that a law enforcement agency could reach into that it did not reach into, looking just for what it could find that might be illegal. This kind of climate makes security a big deal for everyone, including the naive.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#26 Post by Lobster »

Auto-updating mechanisms are dangerous.
It was one of the reasons I started using Puppy. The auto-updating feature of programs such as 'ad-aware' were being targeted as were the update features of virus protectors.

Android, which I have just started using, makes use of auto updating and when you you install many free apps you give it permission to email your grandmother to spook central or the nearest bot server.

I am not sure what is being targeted these days but the browser contains such wonderful cross-OS potential. It is where I would be investing my javascripting roubles.

. . . meanwhile I notice this forum has been targeted again. This time by posts not from whom they are meant to be.

Strange days. :shock:
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#27 Post by PaulBx1 »

Its purpose is probably the installation of a keylogger in your Windows partition. :lol:

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#28 Post by PaulBx1 »

Its purpose is probably the installation of a keylogger in your Windows partition. :lol:

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#29 Post by PaulBx1 »

Its purpose is probably the installation of a keylogger in your Windows partition.

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#30 Post by CLAM01 »

Lobster,

Carried away in my paranoid hallucinations, I forgot to address the serious issue you raised, about diving behind the sofa. I have found that this works very well, provided you have a nice tin-foil sham on the back of the sofa. In my experience, drawn from experimentation, I have found that the dust-critters, the dust-bunnies, dust-kittens, dust-puppies, etc., under my sofa, suitably shammed, are saner than I am.

I am thinking to move forward from tin-foil to mylar now, though, since NASA uses mylar extensively and seems to be doing very well with it: They are sane enough they are suggesting starting a new web, one to be secure and for secure communicating entirely. At least abandoning the present web entirely to the animals, bugs and vermin, letting it be a jungle-playland for everyone mad enough to brave its perils, seems a sane idea to me.

It's what I do with puppies, running them with no securities but what is native through public wifis of all the least secure sorts, the kinds whose operators deliberately run them as man-in-the-middle, to see who is able to poke into what, and outload how and where. This is how most users use their computers. Those with ability and expertise to monitor and shield themselves are about one in a hundred-thousand, so the security of no security is where security has to begin. :)

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#31 Post by CLAM01 »

Lobster,

Carried away in my paranoid hallucinations, I forgot to address the serious issue you raised, about diving behind the sofa. I have found that this works very well, provided you have a nice tin-foil sham on the back of the sofa. In my experience, drawn from experimentation, I have found that the dust-critters, the dust-bunnies, dust-kittens, dust-puppies, etc., under my sofa, suitably shammed, are saner than I am.

I am thinking to move forward from tin-foil to mylar now, though, since NASA uses mylar extensively and seems to be doing very well with it: They are sane enough they are suggesting starting a new web, one to be secure and for secure communicating entirely. At least abandoning the present web entirely to the animals, bugs and vermin, letting it be a jungle-playland for everyone mad enough to brave its perils, seems a sane idea to me.

It's what I do with puppies, running them with no securities but what is native through public wifis of all the least secure sorts, the kinds whose operators deliberately run them as man-in-the-middle, to see who is able to poke into what, and outload how and where. This is how most users use their computers. Those with ability and expertise to monitor and shield themselves are about one in a hundred-thousand, so the security of no security is where security has to begin. :)

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#32 Post by CLAM01 »

Lobster,

Carried away in my paranoid hallucinations, I forgot to address the serious issue you raised, about diving behind the sofa. I have found that this works very well, provided you have a nice tin-foil sham on the back of the sofa. In my experience, drawn from experimentation, I have found that the dust-critters, the dust-bunnies, dust-kittens, dust-puppies, etc., under my sofa, suitably shammed, are saner than I am.

I am thinking to move forward from tin-foil to mylar now, though, since NASA uses mylar extensively and seems to be doing very well with it: They are sane enough they are suggesting starting a new web, one to be secure and for secure communicating entirely. At least abandoning the present web entirely to the animals, bugs and vermin, letting it be a jungle-playland for everyone mad enough to brave its perils, seems a sane idea to me.

It's what I do with puppies, running them with no securities but what is native through public wifis of all the least secure sorts, the kinds whose operators deliberately run them as man-in-the-middle, to see who is able to poke into what, and outload how and where. This is how most users use their computers. Those with ability and expertise to monitor and shield themselves are about one in a hundred-thousand, so the security of no security is where security has to begin.

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#33 Post by dru5k1 »

CLAM01 wrote: For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used).
can I ask you to elaborate on what you said here please?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#34 Post by nooby »

dru5k1 wrote:
CLAM01 wrote: For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used).
can I ask you to elaborate on what you said here please?
Yes look for IP address of that one so we can check it up.

More likely it is the test with the server in MountainView google employee consult something. The guy everybody use because his server has a good uptime 99.999 or something. Him watching over it like a Hawk.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
tazoc
Posts: 1157
Joined: Mon 11 Dec 2006, 08:07
Location: Lower Columbia Basin WA US
Contact:

How is Lighthouse Pup compromised?

#35 Post by tazoc »

CLAM01 wrote:For this, puppy users' real dangers come from inclusions in things that are user-saved and let accumulate and things a builder may wittingly or unwittingly include in a build, or that may be in a program he's used in a build.

For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used). Open source, of course, means one may freely add spyware, too, if one wants to.
I have no idea what compromise you've found, and I did not include any spyware or web bots in LHP. The only 'writing home' it does is to check for available updates to Lighthouse shortly after login by downloading this small package list and comparing it with the previous one. Only does this once per day. Displays a brief pop-up with gtkdialog-splash if there are any new updates available. The actual updates, e.g., bug fixes or browser updates, are only transferred if user selects them in Lighthouse Update. This behavior can be disabled by deleting or moving /root/Startup/lhp-update-notifier into DisabledItems. This is described in the Lighthouse Update | Help dialog. The notifier script is at /usr/sbin/lhp-update-notifier.

It may have seemed to be Firefox because the notifier sleeps for 20 seconds and waits until an Internet connection is active before continuing. The connection is tested by pinging google or icanhazip.com with /usr/sbin/ifactive. The notifier tries the connection occasionally for 90 seconds and then exits. This is because WiFi connections can take a while to connect. LHP 5.03's browsers run as root, however Lighthouse 64 (in development) follows the prudent Fatdog 64 approach and runs the browsers as the unprivileged user spot by default.

Please PM the appropriate developer directly if you observe unusual behavior in any Pup. I think they will all be happy to clarify and/or improve security where necessary.
-TazOC
[url=http://www.lhpup.org/][b][size=100]lhpup.org[/size][/b] [img]http://www.lhpup.org/gallery/images/favicon.png[/img][/url] [url=http://www.lhpup.org/release-lhp.htm#602]Lighthouse 64 6.02[/url]

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#36 Post by Lobster »

Its purpose is probably the installation of a keylogger in your Windows partition.
I think this is a legitimate concern and may well have occurred to me. :oops:
If visiting dubious sites (for example downloading from prawn sites) you are giving the site permission to upload to your site.
So a keylogger or other malware to compromise Windows (chances are it will target Windows) in the same place is a tempting possibility for the malwarians.
I have vids of naked prawns and Windows on the same drive. Recently I booted into Windows and it was sluggish. Not sure If I have any protection on that Windows. So it could be very badly compromised.
So I should delete Windows (always a good plan). :)
I must admit I hardly ever boot into the Windows drive. Booting from it has to be enabled from the BIOS.
So it is possible to inadvertently download nastiness with LPS or Puppy for other OS.

Another possibility is an installed add on app for Firefox or Seamonkey.
Such an app may be clean (I am not sure how well they are checked but let us assume they are) but may have an auto-update facility that runs a new version of the program for some unlucky recipients.
Such an app would have access to XUL (the Firefox and Seamonkey language) and javascript and therefore could work across different operating systems.

:roll:
I must admit this scenario fills me with no sense of fear or foreboding.
I just don't have the right head for tin foil millinery.

PS
the prawn stays. :wink:
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#37 Post by CLAM01 »

Oooh, looks like I hit a three for one sale on posts on Sunday. Unless the post bounced off the walls and hit the board in three ricochets. Three for the price of one is too good a deal to pass up, even when the one is free...

About the Firefox browser problem I met in Lighthouse: First, I should have used past tense. Using present I suggested it ongoing. I don't use Lighthouse on the net, for other reasons, so as far as I know it isn't (if it was I'm sure others would be noticing). The Firefox involved was a 3-series, the "test" opportunity came from the DoS attack against WikiLeaks. I re-started three times, clean (once ram) and the browser returned to full-time pinging each time. The server address written to googled to be in Dallas Texas. I did not document, I went on to try Opera and Seamonkey and then the three in other puppies. None did anything odd, so I deducted the problem was that Firefox in Lighthouse. I assume it was compromised, or compromisable and had its signature targeted.

The backside of the GPL's allowance for free modification is that it isn't only good-guys allowed to modify, which is another reason for checking and re-checking, even what comes from reliable sources, in case they have been slipped into.

As I said, the problem seemed to be in Firefox, which has updated extensively since then. I like Lighthouse and use it regularly when I want a full-feature puppy. I don't use it on the web, not because I don't trust lighthouse, but because i don't trust the web. I use simpler puppies on the web. Ones with fewer convenience features and systems. Those are great in a secure environment, but are more to have to have to keep track of and to have to look in, around and behind, and to have to search in and sweep around when looking for flies and fleas and other vermin that have, or might have, got in.

Auto-updating I prefer to not have. I don't even like auto-connect to the web. Even puppy's pet-fetch features make me nervous and paranoid. I go to ibiblio to manually download my pet package and even cross my fingers installing them just by clicking. It makes me feel manly when I'm told dependencies are needed, so I can say, "yes dear." and go find and fetch them. But if I find anything weird about a package I've installed I can go to where I have it stored and look in.

Nowadays I rarely do. I am avoiding CLI almost entirely. Almost no one in the computer-using world knows CLI, so if anything is to be secure for all users, instead of a unique few, it has to be idiot-proof secure or user-securable through GUI.

For this I can't even spread my favorite puppy-virus using a script. I have to spread by suggesting others try it for fun. Here is the recipe:

Our object is to make our puppy (any breed or cross) more secure. As we all know, our puppies are not secure because we run as root. To be secure we want to run as spot. The easy way to do this is to move our root to spot. To do this just open two file windows (one if you run one of those two-paner file managers), go up one level to /, in one and open the other to spot. Then drag root from the / window and drop it in the spot one. That's all there is to it. Our root is now safe in spot. We are all done. Literally. Everything we do from this point on that triggers a call to a file in root will stop for being unable to find root. Nothing can get instruction from root, now tucked safely away in spot, secure even from us and our own computer. What is really cool and real virus like is the way all our open programs continues to work until we try to do something with one, whereupon it immediately freezes up. It's proper virus-infection behavior.

To recover demonstrates the first-most security feature of puppy. We have to hard-reboot, since root being lost makes everything stop (including, fortunately, writing the move of root to the pup-save file). When our puppy reboots it reboots through a normal restart to a normal puppy rebuilt from the main sfs, pup-save and additional sfs files. A healthy puppy, all recovered, no longer sick. Puppy is, indeed, virus-proof, and idiot-proof! Not, however, that pup-saves can collect malware and should be cleaned every now and again. For convenience, if you customize settings, and add programs, set your puppy up as you want and build a custom that incorporates what you want as you want it, so all is in your main sfs, then save everything important to one or two files in your pup-save that you can move out to a partition before you clean your pup-save (mouse a frame around all contents and quiet-delete).

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#38 Post by dru5k1 »

So you say your firefox 3 series was pinging a .gov (us government) address repeatedly from a clean .iso -interesting- but you also say that you like to remaster too, this means your clean .iso may not have actually been a clean one I guess.. It's great to hear from Tazoc that a seperate connect-script may have made it 'seem' like it was firefox doing this

Was it actually a .gov address?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#39 Post by nooby »

Clam01

I wish I was more computer savvy, I am an absolute computer challenged guy but what you say in my quote below is interesting.

I wish somebody geeky could test it and explain how to use it for us Noobs.
Clam01 wrote
Our object is to make our puppy (any breed or cross) more secure. As we all know, our puppies are not secure because we run as root. To be secure we want to run as spot. The easy way to do this is to move our root to spot. To do this just open two file windows (one if you run one of those two-paner file managers), go up one level to /, in one and open the other to spot. Then drag root from the / window and drop it in the spot one. That's all there is to it. Our root is now safe in spot. We are all done. Literally. Everything we do from this point on that triggers a call to a file in root will stop for being unable to find root. Nothing can get instruction from root, now tucked safely away in spot, secure even from us and our own computer. What is really cool and real virus like is the way all our open programs continues to work until we try to do something with one, whereupon it immediately freezes up. It's proper virus-infection behavior.

To recover demonstrates the first-most security feature of puppy. We have to hard-reboot, since root being lost makes everything stop (including, fortunately, writing the move of root to the pup-save file). When our puppy reboots it reboots through a normal restart to a normal puppy rebuilt from the main sfs, pup-save and additional sfs files. A healthy puppy, all recovered, no longer sick. Puppy is, indeed, virus-proof, and idiot-proof! Not, however, that pup-saves can collect malware and should be cleaned every now and again. For convenience, if you customize settings, and add programs, set your puppy up as you want and build a custom that incorporates what you want as you want it, so all is in your main sfs, then save everything important to one or two files in your pup-save that you can move out to a partition before you clean your pup-save (mouse a frame around all contents and quiet-delete).
This being the LPS vs Puppy thread maybe one have to start a new thread. I think I do that in Security.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#40 Post by dru5k1 »

I agree with nooby

It looks so simple, so almost too good to be true

Please explain as you've obviously done it.. and what (if any) are the 'consequences'?

Post Reply