Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 18 Dec 2014, 19:07
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Security in Puppy Linux: running as Root
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 4 [46 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Author Message
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 14 Aug 2012, 17:18    Post subject:  

Bruce B wrote:
Hi nooby,

There are some errors in your ideas in the post above this one.

You have to spend some time learning file permissions and ownership in order to understand how it all fits together.

Bruce

~


Bruce you are 100% correct but the sad new is
that I fail to read and to grasp and to remember such.
Too steep learning too much to remember does not have that brain.

I am an aimlessly spinning head up in the blue sky of fantasy. Sad indeed.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
greengeek

Joined: 20 Jul 2010
Posts: 2740
Location: New Zealand

PostPosted: Tue 14 Aug 2012, 18:56    Post subject:  

nooby wrote:
I am an aimlessly spinning head up in the blue sky of fantasy. Sad indeed.
Ah - sounds like too much coffee...!
.
Back to top
View user's profile Send private message 
gcmartin


Joined: 14 Oct 2005
Posts: 4500
Location: Earth

PostPosted: Wed 15 Aug 2012, 15:22    Post subject:  

A community member wrote:
The discussion on this thread was directly related to the Lighthouse64 issues and bugs which I reported, Some of these, related to DVD-load operation, were deflected or dismissed with the observation that a frugal install on a USB flash drive would make more sense. Since I do not agree, I chose to address that claim by discussing the issues which make a flash install less than ideal, thus presenting DVD-boot as the superior solution. That obviously makes *this* the correct place to discuss those issues. *This* is the place for developing those views through discussion and argument, for those who wish to do so.
I think it is important to note that it is Does NOT Matter whether it is a Frugal Puppy/Full Puppy/Live-Media Puppy on the issue of Malware in the system.

Most of us should understand that even though there are some advantages to booting one vs another, the running system with the triggers that malware presents is whats of concern.

Here to helps

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 15 Aug 2012, 16:34    Post subject:  

A wild naive idea that I hope many comments on.

gcmartin wrote:
Most of us should understand that even though there are some advantages to booting one vs another, the running system with the triggers that malware presents is whats of concern.


If I do get what you intend here then I do agree.

But as Flash our most active Moderator often point out
that if one do as he suggests to boot using a CD
and to have a USB a save file and to only
connect that one if there is something important
and use the CD or DVD to save other small changes.

And the most important. To take out the Harddisk from
that computer then that set up is rather safe.

Especially if one reboot now and then to get rid
of the malware that have entered?

My naive question for us who can not use CD/DVD
and have to use USB instead.

Suppose I take out the HD and only connect
an eternal HD when I want to save something important.

Okay maybe the malware is clever enough to sense that
connection and sneak it's bad code over to that HD?
while I save the scientific pdf texts and .doc and so on.

For to prevent that to happen could one do like this?


I take out the HD and only boot frugally from USB
and that one having a partition too small to have
room or any malware? Then it has another partition
for savefile but which are password protected?

Would the malware be able to sneak over the bad code then?
Would it read the password while I save something?

And to be extra cautious if I want to save on the big
external HD then I save it first on the save partition
on usb and then shut down the computer and
then boot up again and save on the external by
copy over from the usb? I mean the malware
would be gone and can not copy over the bad
code because that one need the active program
that lurk in RAM memory?

Or am I too naive here? sorry for confusing text

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
gcmartin


Joined: 14 Oct 2005
Posts: 4500
Location: Earth

PostPosted: Wed 15 Aug 2012, 19:24    Post subject: Why use Live media? ... a single view of its use  

Here's how I have used my PUPs over the years.

I build my Live media from a Puppy ISO. I insure that it is built in Multi-session mode. One then boots the Live media created from the ISO, and uses the PUP as they see fit. This includes web needs, subsystems added from PPM, tailoring, and data generation/manipulation as one finds necessary. When they have completed their use (and this could be weeks later in some of my cases) when I shutdown I am asked if I want to save all prior work that was done in the system. I reply Yes and target it to the CD, and Puppy takes care to save all of my work that exist in the PUPPY filesystem(s).

When Puppy reboots, it detects the saved session(s) and incorporates the save session into the running OS.

What I just described is that NOTHING is written onto ANY media until I, personally, instruct the system to do so. There is another means for me to use as provided by some/most Puppy distros; namely, a "button" on the desktop that will execute a save-session to take an interim snapshot of my running Puppy.

From a security standpoint, I am in control. The only time this can be compromised (and it can be compromised) is if someone pushes my buttons.

It is meaningful to understand that given the right kind of information, and an understanding of behavior, there are methods which can be brought to bear to exploit any of us. But, there must be an environment for this to occur and an understanding on behavior such that an exploitation can occur.

I am NOT sharing this as a demo of how to be secure! I am sharing it to show that in my case, my booted system is safe and intact prior to any save-session I do. But, for those PCs that I use in production (meaning, I have them running all the time, I rarely boot/reboot them unless I want to save an instance of the system for some reason). And, since everything that occurs is real-time in the RAM filesystem, I have a limited exposure that would force eradication of a breach; namely the offending save session.

My Live media (DVD/CD/BluRay) has timed stamped save-sessions. I can use or physically delete any particular save session that I might want to (but, this is a manual operation, for Puppy does not provide tools to do this as of this posting.)

Live media is one safe methodology if for no other reason than the fact that one can selectively discard, or boot without certain save-session on the Live media.

Thus, one can consider this physical security versus some automated internal subsystem such as an Antivirus Subsystem. I do PPM install Antivirus software to be used to periodically check the system. I sometimes do boot other OSes and the virus signatures are routinely scanned for anyway, even though I recognize that exposure is limited.

In contrast, a Frugal and Full installations have their Puppy filesystems active to the running system and things are mounted to the running system at boot time. These have a differing level of exposure that requires different management.

I hope this give some understanding that contributing members can point to for better understanding of why some of us may choose Live media booting. The advantages of using Live media outweigh the need for shortened boot time. In my cases, the fact that it takes 1-3 minutes to boot does NOT poised a negative impact for me given that once its up, it does everything the Frugal-Full systems can do. It may be thought to be faster because there is NO need to access anything other than the RAM based filesystem to operate. (NOTE: I always have a partition on HDD that is a SWAP partition as this provide a measure of system stability without impacting performance.) My systems that I use all the time (2 PCs) run all the time and are almost never rebooted after initial setup and tailoring. Thus boot time in non-existent in comparison to up-time and use-time.

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
rdog

Joined: 18 Oct 2010
Posts: 19
Location: Quesnel, BC, Canada

PostPosted: Thu 06 Sep 2012, 14:29    Post subject:  

In general, puppy is secure because it is different. Malware is coded with a specific environment in mind.

However, consider this...

Running as root means that you have the right to run any command. A script running "dd if=/mnt/home/puppy/usb-image.iso of=/dev/sdc" as an example can burn an ISO image to the CD. Is it possible to ruin a CD and make it not bootable with dd? Yes, I believe so. Perhaps it would not be a loss of data for you depending on your practice but definitely it could be a time consuming annoyance to get back up and running.

Running as a restricted user would protect from such a command. But the nature of viruses and malware is that the payload is not always immediately evident. One can get a seemingly harmless program and use it for a very long time before the harmful payload is seen. In this case to protect from such a payload you would have to make a practice of always running as a restricted user, any code that could be infected.

Requiring buttons to be pressed, drives to be mounted, or scripts to run to perform "administrative" functions only adds protection if these requirements are not known to the attacker, or if they are not able to be run or done as the restricted user that the attacker has managed to get access to. (Note: GUI elements such as buttons, don't "do" anything in themselves, they call scripts or binary code to perform the activity).

Ultimately we have to make a decision to trust the code we are running, the source of that code and so on. Even the Linux kernel could have deliberate security vulnerabilities, but we trust that those people who review the source code, and the source code for the compilers which produce the binary executable, have our best interests in mind.

For my part, I use the browser as Spot. I generally download and compile from source the programs that I include in my SFS files. I remove any code that has been installed into the personal save files, and in the case of my USB puppy I only save changes at shut down and then I'm prompted by the shutdown script to decide if I want to save (customizations I have made). I trust that the original puppy ISO is free of malware. I use OpenVPN to tunnel to my home network for Internet access when I am away, so my communication is encrypted even if I'm connecting to an open wireless access point. I have Avast antivirus and occasionally update the definitions and scan all the files. Even Avast and the definitions are loaded from an SFS file at boot time.

Besides having backups of the personal save files and other data saved on separate USB sticks there is not much else to do.

My only real reason for wishing for multiuser support beyond Spot in Puppy has been when installing 3rd party binary applications where they refuse to run as root. Many of them will not run as Spot either.

Take Care,
Rob
Back to top
View user's profile Send private message 
666philb


Joined: 07 Feb 2010
Posts: 1943
Location: wales

PostPosted: Sat 08 Sep 2012, 22:38    Post subject:  

rdog .....

which apps are you wanting to run?

_________________
Tahrpup, built with trusty tahr packages http://murga-linux.com/puppy/viewtopic.php?t=96178
Quickpet_Precise, install popular apps quickly http://www.murga-linux.com/puppy/viewtopic.php?t=83642
Back to top
View user's profile Send private message 
rdog

Joined: 18 Oct 2010
Posts: 19
Location: Quesnel, BC, Canada

PostPosted: Thu 13 Sep 2012, 14:35    Post subject:  

666philb wrote:
rdog .....

which apps are you wanting to run?


Hi 666philb,
Sorry I didn't get back to you sooner.

The first app I tried to run was Lotus Notes 8.5.2. I finally gave up and installed the windows version to run from wine. Not an easy project and not the most desirable way to run it.

My next most desired app to run from puppy is Vmware Workstation. I will be putting some effort into this since I have several Vmware guests that I would like to run, some are required for my job.

I haven't tried using Fido which I see has appeared with Puppy Slacko. But now I have been distracted by trying to build my own puppy with woof LOL.

I've had some issues with woof which I'll save for another thread.

Take Care,
Rob
Back to top
View user's profile Send private message 
666philb


Joined: 07 Feb 2010
Posts: 1943
Location: wales

PostPosted: Fri 14 Sep 2012, 05:13    Post subject:  

hi rdog,

whilst i can't actually test the software you're wanting to use, i've had some success using this to run stuborn 'root hating' programs http://www.murga-linux.com/puppy/viewtopic.php?t=72667 once installed you'll need to alter the' /usr/bin/puppy-chrome ' script to point at the binary you're trying to run.

puppy does have vwmare player, http://www.murga-linux.com/puppy/viewtopic.php?t=62492 how it differs to work station i don't know.but i've had windows7, various linux's and iox running on it

_________________
Tahrpup, built with trusty tahr packages http://murga-linux.com/puppy/viewtopic.php?t=96178
Quickpet_Precise, install popular apps quickly http://www.murga-linux.com/puppy/viewtopic.php?t=83642
Back to top
View user's profile Send private message 
rdog

Joined: 18 Oct 2010
Posts: 19
Location: Quesnel, BC, Canada

PostPosted: Fri 14 Sep 2012, 17:47    Post subject:  

666philb wrote:
hi rdog,

whilst i can't actually test the software you're wanting to use, i've had some success using this to run stuborn 'root hating' programs http://www.murga-linux.com/puppy/viewtopic.php?t=72667 once installed you'll need to alter the' /usr/bin/puppy-chrome ' script to point at the binary you're trying to run.

puppy does have vwmare player, http://www.murga-linux.com/puppy/viewtopic.php?t=62492 how it differs to work station i don't know.but i've had windows7, various linux's and iox running on it


Thank you for that info 666philb, I'll come back to this issue soon.
Take Care,
Rob
Back to top
View user's profile Send private message 
snayak

Joined: 14 Sep 2011
Posts: 231

PostPosted: Wed 24 Oct 2012, 14:55    Post subject:  

Hi All,

What I see is in this forum is,

1. many says running puppy as root has problem, it is not safe.

2. many says running puppy as root has no problem, it is safe.
-Do they mean, running puppy from CD/DVD is safe?
-Do they mean, running puppy from HDD frugal is safe?
-Do they mean, running puppy from HDD full installation is safe?

When I goto IRC, it prints, running root is unsafe! Still we can go. But biggest trouble is, some IRC servers like DALNet doesn't even let us go in! Directly refusing stating that you are logged in as root!

What to do about it?

Sincerely,
Srinivas Nayak

_________________
Machine: Wary 530, AMD Athlon 2000+, ASUS A7N266-VM board, 512MB DDR RAM, 40GB HDD, 52xCDRW, PS/2 Mouse/Keyboard, USB 2.0.
Home: http://www.mathmeth.com/sn/
Blog: http://srinivas-nayak.blogspot.com/
Back to top
View user's profile Send private message 
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Thu 25 Oct 2012, 03:42    Post subject: Security in Puppy Linux: running as Root  

snayak,

I think many Puppy Linux users would agree that safety really is up to the individual using common sense whether one runs as root or not...

Quote:
When I goto IRC, it prints, running root is unsafe! Still we can go. But biggest trouble is, some IRC servers like DALNet doesn't even let us go in! Directly refusing stating that you are logged in as root!

What to do about it?


In this circumstance, one can choose to run as a user with limited rights (non root access) in Puppy Linux. One can use spot:
Code:
# su -l spot
# whoami
spot
# exit
logout
# whoami
root


Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 25 Oct 2012, 04:30    Post subject:  

Seems to be very individual these things.
I am a pessimist. I trust that nothing on internet is safe.

As soon as you connect to internet some ill willing person
can have a program that target you personally and them
do their best to hack in.

What I have heard is that being non-root only protect the
files in that restricted use area. The hacker could still
hack themselves into the root account if they have that knowledge
and resources and so on.

So maybe we should not be too overly confident but
also be realistic about it?

I know too little.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Fri 26 Oct 2012, 01:21    Post subject:  

rdog wrote:


My only real reason for wishing for multiuser support beyond Spot in Puppy has been when installing 3rd party binary applications where they refuse to run as root. Many of them will not run as Spot either.


For the record... Will you provide some examples of 3rd party apps you've found that refuse to run either as root or as spot in Puppy?

Thanks,
Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
Back to top
View user's profile Send private message 
snayak

Joined: 14 Sep 2011
Posts: 231

PostPosted: Sat 27 Oct 2012, 13:04    Post subject:  

Hmmm...

Another thing is that, many of our members say, puppy linux was created to be used as a single user system. It cant be used as a server.

1. To my knowledge, linux itself is a multiuser os.
So, how puppy linux is single user system?

2. We are happy that puppy linux be better used as a Desktop os, a single user system. When question os adding another user comes, why people think that it shall be used as a server? I think, when people say, add another unpriviledged user, they mean providing a less permitted user, but again they will use their system as a simple Desktop, not a server in the university or their office! Cant we make it such that it adds just a less priviledged user and yet work as Desktop only, no server functionality and no connections from outside to the machine. (which i think, is the need of a server)

3. Does providing add user facility, shall increase the size of puppy linux os?

4. What ways a multi user Desktop os (like windows xp?) differs from now a days puppy?

I am new to all these. Forgive.

Sincerely,
Srinivas Nayak

_________________
Machine: Wary 530, AMD Athlon 2000+, ASUS A7N266-VM board, 512MB DDR RAM, 40GB HDD, 52xCDRW, PS/2 Mouse/Keyboard, USB 2.0.
Home: http://www.mathmeth.com/sn/
Blog: http://srinivas-nayak.blogspot.com/
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 4 [46 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1142s ][ Queries: 13 (0.0051s) ][ GZIP on ]