Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Oct 2014, 17:51
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Security in Puppy Linux: running as Root
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 4 Posts_count   Goto page: 1, 2, 3, 4 Next
Author Message
HiDeHo

Joined: 16 Mar 2011
Posts: 286

PostPosted: Tue 08 May 2012, 03:38    Post_subject:  Security in Puppy Linux: running as Root  

Hi just wanting to start a discussion on this

Puppy runs as root by default this could leave you vulnerable to being hacked or getting viruses, so does pose some risks.
  1. some users setup there puppy os with all settings and accounts setup. then they remaster(make an iso) of this and burn it on cd. they run from cd in ram and don't use a save file or they use a re-writable (rw) cd and have a small save file on the cd/dvd. this is pretty secure. viruses that are designed to run on a hdd cant as there is none.
  2. if you run your puppy os on a hdd or flashdrive full or frugalett the hdd or save file has a risk of getting a virrus. (even though linux generally is safe from viruses and hacking both still can happen.
  3. run as spot user (runs apps without being root) or fido (fido is user account setup like any normal operating system). both run as a non root. also you can just run the apps that access the internet in spot
  4. puppy also has a great firewall and there was also a system wide adblocker app made
what are your thoughts, experiences, ideas about security in puppy. feel free to share them

I have written this post quickly to get the ball rolling and will add relevant links when i have time or if anyone provides them below.
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 08 May 2012, 04:10    Post_subject:  

Smile

Your router probably has a firewall
You don't need GROWL security, I wrote the program but never bother with it. I may eventually port it to Puppi on the Raspberry Pi
GROWL is somewhere here and built into Puppy Slacko 5.3.3
http://puppylinux.org/wikka/security

If you want to worry about security
then first know that my ISP recently censored
a web site (the Pirate Bay) as no longer accessible according to British
'Law'.
http://www.guardian.co.uk/technology/2012/may/02/pirate-bay-block-virgin-media

Good thing the Law is protecting the rights of Lobbyists [ain't it always the case] - no relative incidentally
I may have to join the Pirate Party
http://www.pirateparty.org.uk/

Google Mail and other cloud services are being data mined etc.
You can always trust your bank manager with your root password I suppose . . . or maybe not . . . Confused

Thanks for starting the debate. Smile
I think I may go to the local police station and hand myself in for using Linux without due patent payment to Microsoft. Very Happy
http://www.linuxtoday.com/infrastructure/2011052900139NWMSLL

The question is who is after you
and have they already pwned you?
Who said 'Long Live FUD'?

Puppy is a state of penguin
Security is a state of Mind

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 08 May 2012, 07:03    Post_subject:  

HiDeHo wrote

"run as spot user (runs apps without being root)
or as fido (fido is user account setup like any normal operating system).

both run as a non root. also you can just run the apps
that access the internet in spot"

Thanks for taking up this subject. Are you good at using spot and fido?
I fail to get how it works. Okay no surprise because I am a confused user.

1.) Can you describe how you do it? Fido or Spot which is best? Pro et Cons for them?

2.) Suppose you have activated Fido at shutdown? Are you on Lupu
Slacko or Wary or what? So you are using Firefox and posting here in forum.

And there is a .sfs file you want to save from the forum.
How does that work in Spot or Fido? does it end up only
within Spot or Fido and you later have to move it to root HD?

3.) Suppose you want to download an iso from DW and you browse to that
link and click on it. How do you save to a linux-iso directory on the root
HD using your Fido or your Spot user?

4.) I know nothing but I get the gut feeling that Spot or Fido makes you
safer in that as a restricted user the Virus or Malware or Trojan can only
reach the home of Spot or Fido and have to log off and log in as root
for to save itself to the HD?

But as soon as you yourself does log into Root again for to move the
downloaded files .sfs and .iso files to root HD then the Virus or Malware
or Trojan also can move itself to root HD and then there where no safe
usage of Spot or Fido? The only way to make it safe is to reboot? before
using root again??? I may be wrong explain please!

So it would only work if you shutdown completely and then reboot into root?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
greengeek

Joined: 20 Jul 2010
Posts: 2596
Location: New Zealand

PostPosted: Tue 12 Jun 2012, 04:02    Post_subject:  

It doesn't really matter if you are using Microsoft, Apple, Android or Linux. The internet (and router code) was developed by the U.S military. Everything you enter into your (internet connected) computer is visible to other people.
http://www.naturalnews.com/036147_Flame_virus_malicious_code_cyber_terrorism.html
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 12 Jun 2012, 12:28    Post_subject:  

Is it not typical that this few people share their views?
I feel disappointed. Was it my post that caused others
to decide to not contribute? Should I edit my posts
and write wrong thread and have no comment at all?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Tue 12 Jun 2012, 12:58    Post_subject:  

check this topic for some info:
http://www.murga-linux.com/puppy/viewtopic.php?t=50488
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 12 Jun 2012, 16:10    Post_subject:  

Nope that is not a good place to look.
http://www.murga-linux.com/puppy/viewtopic.php?p=427743#427743
I made a post in that thread and nothing useful came out of it
on the level I need to know.

Then you have this long thread. Fixing Fido.. by 01micko
http://www.murga-linux.com/puppy/viewtopic.php?t=71358
one of Puppy's best developer and that thread has not solved it either.

AFAIK not developed well enough to have an official status on how to set up things.

But back to the topic of this thread.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
tallboy


Joined: 21 Sep 2010
Posts: 444
Location: Oslo, Norway

PostPosted: Wed 13 Jun 2012, 00:30    Post_subject:  

I agree with nooby, that this is an interesting subject. I think that one of the reasons that few people take part in this discussion, is that the concept of 'security' is misused every day. We are regularly being bombarded with reports of virus attacks, made by hoardes of bandits having nothing else to do than attacking domains and causing havoc. The constantly evolving browsers and other internet based applications, with all their new smart fatures, makes it difficult to grasp the basic problems; they drown in all the other hype over this and that security hole!

I think that a listing, or an overview, of the elements having a basic need for protection when using a network, made by one of you experts on the subject, is necessary to publish here, before any useful discussion can progress. Matters regarding running as root, and possibly other puppy related issues, are of course of special interest. It would also be interesting to know if the focus of attention regarding security, has moved over the last years, as a consequence of the technological advances.

I, for my part, know far too little about network issues to make any valuable contribution in the matter.

My views in the debate on the /root vs /home/user/ issue:
  • Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.
  • When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?
  • When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inccessible from an on-site pc, where safety issues prevent me from booting my dpup...
  • Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!
  • I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?
  • Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hazzle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.
  • I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.
  • I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.
  • To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)
  • Chroot, anyone?

tallboy
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Thu 14 Jun 2012, 21:41    Post_subject:  

nooby wrote:
Is it not typical that this few people share their views?
I feel disappointed. Was it my post that caused others
to decide to not contribute? Should I edit my posts
and write wrong thread and have no comment at all?


I was going to reply to you regarding how a restricted user operates compared to root user.

I just didn't know quite how to explain it. Here is a starter:

Linux is modeled after an extremely expensive operating system Unix.

The "floor plans" for Unix was designed as a multiple user OS. I also mean multiple users at the same time.

Two important design considerations were protecting the computer from the users and protecting the users from each other.

Diverging a bit. It is my opinion that security should be in the foundation of an OS rather than as bolt on software such as Microsoft does.

Specifically, Microsoft marketed DOS with hardly a thought for security or even connectively. Then DOS evolved into a GUI OS, but the security holes had to be discovered and bolted on because security was not in the foundation.

Unix always had a reputation of being fairly secure while Windows earned a reputation of being a malware magnet or something of the sort.

Now, if you fairly well understand directory trees and files, the next thing to understand is file permissions. I checked the Internet before posting to you to see if there are good Linux file permission tutorials available and there are. For this reason I won't try and teach file permissions to you. But they must be understood to understand the restricted user and root user differences

Bruce

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Thu 14 Jun 2012, 21:52    Post_subject:  

Fatdog 600 beta1 has non root capability. Use multiuser.
_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Fri 15 Jun 2012, 09:26    Post_subject:  

Thanks Bruce.

I have tried to get such since about 2006 or 2007
and most likely I am not clever enough to get those things.

Lobster, If Fatdog really is multi user that would be a sensation. Apart from the old one based on 421?
none have accomplished this.

Is Fatdog then a variation or "fatter" version of 421
or a totally new attempt based on Lupu?

(Edit after relearning username. Pizzasgood. I referred to you there Sorry forgot name.)

I mean I read here for hours every day how can I have missed
that it is multi user? Have they kept it secret Smile

My naive guess is that they have a single user with spot and fido more elaborated? If it is based on Woof then it is still a single user OS.

Iguleder has made a multiuser but that is not based on woof or a puppy.
Ah they announce it this week.
http://murga-linux.com/puppy/viewtopic.php?t=79001

Quote:
* experimental multi-user (some applications are still broken; some pet packages does not support non-root)


So maybe they have or maybe it is like I guess that they have tried to fix the single user but that it is not a standard mulituser linux

But I am only a naive noob

Hope my bad or poor English don't get misunderstood

I love if they really have accomplished it but would that still be puppy.

It would be a standard Linux that is almost compatible
using many pets but still failing on some. Interesting indeed

Thanks for telling about it indeed.

_________________
I use Google Search on Puppy Forum
not an ideal solution though

Edited_time_total
Back to top
View user's profile Send_private_message 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Fri 15 Jun 2012, 22:02    Post_subject:  

nooby wrote:
Lobster, If Fatdog really is multi user that would be a sensation. Apart from the old one based on 421?
none have accomplished this.

Not really. Grafpup 2 was multi-user (fork of puppy 1.x), Pizzasgood made multi-user from puppu 421.

Quote:
Is Fatdog then a variation or "fatter" version of 421
or a totally new attempt based on Lupu?
That's how Fatdog started, a "fatter" version of puppy 4.1. Today, Fatdog is compiled from scratch from T2 (just like Racy/Wary) - it is not based on anything.

Quote:
I mean I read here for hours every day how can I have missed
that it is multi user? Have they kept it secret Smile
Yes Smile It is multi-user since alpha2 but it wasn't release-quality yet, so we didn't announce it. Beta1 multiuser should be quite usable.

Quote:
My naive guess is that they have a single user with spot and fido more elaborated?
No. 600 beta1 is true multiuser, you can add/remove as many users as you want; you can run the desktop as any user; you can switch between root and non-root users anytime.

Quote:
If it is based on Woof then it is still a single user OS.
It is not based on Woof, though now and then ideas from Woof are adapted for Fatdog.

Quote:
So maybe they have or maybe it is like I guess that they have tried to fix the single user but that it is not a standard mulituser linux
That depends on what you mean as "standard" Smile

Quote:
I love if they really have accomplished it but would that still be puppy.
Fatdog is still "puppy" at heart Razz

cheers!

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sat 16 Jun 2012, 02:09    Post_subject:  

jamesbond wrote:
nooby wrote:
Lobster, If Fatdog really is multi user that would be a sensation. Apart from the old one based on 421?
none have accomplished this.

Not really. ..., Pizzasgood made multi-user from puppu 421.

Quote:
Is Fatdog then a variation or "fatter" version of 421
or a totally new attempt based on Lupu?
That's how Fatdog started, a "fatter" version of puppy 4.1. Today, Fatdog is compiled from scratch from T2 (just like Racy/Wary) - it is not based on anything.
...


Yes My apology to Pizzasgood. I knew your handle back in 2011 and
have referred to your version as Puppy412 or Puppy421 many times.

Then my poor memory lost your username but it where you I did refer to
above but knew not how to make it a proper reference there for the cryptic
421 mentioned.

Cool that it is a true multiuser that can still use puppy pets although
some still needs to be tweaked.

What I also like is that it allow us who are multi user challenged to start
being root and add the security later when we finally learn about permissions for multiuser.

What I didn't like where that SeaMonkey did not accept html pages on my internal HD.

Haha now I know that SeaMonkey run as user Spot and that it can not
open files on the HD. So the easy way out is to move a copy of that
html file to Spot directory and open it there instead.

And SeaMonkey can save files to the internal HD so how does that make it safer? I did not have to first save it in downloads at Spot and then move it.
If I can save a file to the internal HD so can any trojan or virus through SM?

Still good that it is true multi-user though.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sat 16 Jun 2012, 21:05    Post_subject:  

Hi nooby,

There are some errors in your ideas in the post above this one.

You have to spend some time learning file permissions and ownership in order to understand how it all fits together.

Bruce

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
gcmartin

Joined: 14 Oct 2005
Posts: 4368
Location: Earth

PostPosted: Tue 14 Aug 2012, 13:11    Post_subject: Moving from LH64 thread to here  

In the LH64 thread, the discussion seemingly is addressing what has been offered in this thread. This is a simple insight to what is discussed.

My History
In 1985, I had an interesting report come across my desk. It was an alert to something that had NOT been present in my industry, heretofore...."Viruses" in DOS. This was simply a theoretical supposition, but, it appeared that a government/business/persons could infect a machine from afar for its own specific purpose which differs from the machine owner.

Since then, a whole industry has been created that contributes to an economy's GNP that has arisen.

Today
Some company execs do not know the difference between viruses, malware, or security, thus, the IT staff and industry experts continue to misrepresent issues in this area of discussion.

Over the past 25 years, there have been many an expert that addressed viruses, malware, real and potential. I say "potential" because this usually arises from a gathering of software engineers who were brought together to "crack" a subsystem or a system. Most often times, when that is done, over 98% if the findings are "a first" which has NEVER been seen (0R exploited) before and over 98% of those have never, ever, been attempted at exploitation in the real world.

The security industry is awash with many, many methodologies that are implemented all of which are done by some person/manager/team whose job it has been to manage-consult a security approach to be used by a company they work for.

That being said, I have worked with so many companies for which there are NO standard approaches, nor implementation, nor methods of protections that addresses all situations.

I have only my own implementation that I work with which, in and of itself, is ONLY designed to address the most likely of situations. This is based upon my experiences, the OSes I use, as well as my current usage practices.

I will say, though, there is a reason that the industry exists in the fashion that it does. The OSes, all have design points. And, every OS has an approach which makes it vulnerable to an exploit.

In a community, like this Puppy Forum, we should concentrate on any OS tools that exist, to assist us in managing important data which resides on our system(s). That management is not just protecting, but providing generational copies to assist our recovery should we have an issue where recreation and recovery is necessary.

None of us, no matter how smart we think we are, can provide a implementation that will cover EVERY POSSIBLE METHOD OF DATA LOSS that is or would be possible.

The OS designers (all of them), do provide and address OS protections in ways that make sense. Where we can help is to understand what they provide and determine it that is sufficient to meet our needs. Then we can add additional tools as we see fit to assist the system's ability to keep our data safe. As well we can contact vendors through various means to offer insights that will be useful in data/subsystem/system protections.

Remembering, that this "security/malware-protection/virus-protection" will continue (for the foreseeable future) to be an individual selection and practice. This applies in the home, the SMB, the SME, or the corporate entity.

Hope this clarifies security/malware/viruses. ("I know... it doesn't!")

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 4 Posts_count   Goto page: 1, 2, 3, 4 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1297s ][ Queries: 13 (0.0054s) ][ GZIP on ]