Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 22 May 2018, 20:02
All times are UTC - 4
 Forum index » Advanced Topics » Puppy Derivatives
EasyOS Pyro 0.9.1 (May 7), Beaver 0.9.2 (May 15), 2018
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 43 of 50 [746 Posts]   Goto page: Previous 1, 2, 3, ..., 41, 42, 43, 44, 45, ..., 48, 49, 50 Next
Author Message
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Wed 18 Apr 2018, 12:45    Post subject:  

BarryK wrote:
If you are running, say, Firefox, in a container, I don't know how the existence of a utility such as exit-chroot can be used.

Older browsers have their vulnerabilities published along with descriptions of the fixes. Some of those include execution of code vulnerabilities ... so a hacker knows where to focus their efforts to potentially exploit anyone who is running a older/unpatched browser. Outbound internet traffic is rarely monitored as are the returns from those outbound requests, so if a breach can install into memory even a small module that simply loops send-requests to the hackers IP and execute whatever command is returned, the hacker in effect has bypassed the firewall. Something like exit-root is just one of the things that might be tried, along with a barrage of others such as scanning around the LAN to see what other devices/systems might be available to have persistent code installed. Imagine a browser flaw that enabled installation into memory of a wget file from hacker site, execute that file in background ... looping type script sending the standard and error outputs out as further http requests ...

I strive to change my user-agent as revealing your browser version and operating system is a great aid in assisting towards targeted exploits. Faking your user-agent can vastly reduce the chances of a initial penetration (wrong exploits/code that wont work thrown at you). Only running root at the console (not under X) is yet another risk reduction choice. The entire 'nix file structure and permissions are geared to security utmost in mind. As are other barriers such as W^X (write exclusive or execute i.e. memory space restricted to being write only or execute only, not both), randomisation (so the structure of memory space changes rather than following a consistent pattern), Pledge (applications assigned sets of things that they are permitted to do, but prevented from accessing command/files outside of that) ...etc.

Security isn't just your data/PC, but anyone and anything else sharing the same LAN.
Back to top
View user's profile Send private message 
belham2

Joined: 15 Aug 2016
Posts: 1517

PostPosted: Wed 18 Apr 2018, 13:28    Post subject:  

rufwoof wrote:
BarryK wrote:
If you are running, say, Firefox, in a container, I don't know how the existence of a utility such as exit-chroot can be used.


Older browsers have their vulnerabilities published along with descriptions of the fixes. Some of those include execution of code vulnerabilities ... so a hacker knows where to focus their efforts to potentially exploit anyone who is running a older/unpatched browser......

Security isn't just your data/PC, but anyone and anything else sharing the same LAN.



This confuses me. A lot of us rip samba (or any file sharing service) out of our puppies/ddogs, also erect a firewall that automatically blocks cifs/rpc/rsync/rdp/ssh/telnet/ftp/smtp and (if applicable) NetBIOS, along with routers (and its firewall) that is even more hardened than this.

Thus, in a setup like this, just how, when, where and why would it matter what browser you are running? Any hacker will be stymied at every stop trying to execute anything in memory, coming out of the browser. And if you are 100% in ram, with daily reboots, it's game over for anyone trying to come in through memory (and a browser). Plus, any looping process by a hacker installed memory applet will be hugely noticeable in how the cpu is acting.

Containers (and not just in Barry's Easy) emulate and/or help in this process a lot, so I am stumped here at the reasoning.... Confused
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Wed 18 Apr 2018, 14:54    Post subject:  

belham2 wrote:
This confuses me. A lot of us rip samba (or any file sharing service) out of our puppies/ddogs, also erect a firewall that automatically blocks cifs/rpc/rsync/rdp/ssh/telnet/ftp/smtp and (if applicable) NetBIOS, along with routers (and its firewall) that is even more hardened than this.

Which blocks inbound. There are no firewalls on outbound. The objective for a hacker is to get that first outbound going, as the system will treat that as a outbound request and allow both that and the returned content/reply through.
Quote:
Thus, in a setup like this, just how, when, where and why would it matter what browser you are running?

Because a 'faulty' browser might enable things to be loaded into memory and in effect the instruction pointer directed to that. If say you visit a malicious web site and view the content, the content of a image file for instance could include instruction code - do something, jump 20 forward for the next instruction and do that instruction, jump 30 forward ... etc. In other words a program that YOU downloaded into memory. Looked at as just a image and that image might look totally normal, or it might not even be seen, just downloaded along with html instructions to size the display of that image to being just one pixel. The tricky part for hackers is getting the instruction pointer to point to the very first instruction of their program, a faulty browser (or other such) exploit opens up the potential for that.
Quote:
Any hacker will be stymied at every stop trying to execute anything in memory, coming out of the browser. And if you are 100% in ram, with daily reboots, it's game over for anyone trying to come in through memory (and a browser).

After initialisation of a program ... a lot can happen very quickly. A open window even a few seconds can be more than enough time. Having penetrated even most briefly most hacks will look around for potential means to remain persistent one way or another. Having root/full access to disk/devices etc. makes finding such a option more likely compared to running restricted.
Quote:
Plus, any looping process by a hacker installed memory applet will be hugely noticeable in how the cpu is acting.

Only if the program is permitted to run away wildly, most hackers would consider that and adjust their programs accordingly. We are after all talking in very simplistic terms here, in practice things are way more complex. Big data for instance where even allowing sites to see what OS, browser, screen resolution ... etc you are using ... along with other measures can enable you to be individually identified (or at least into a sub-set group of limited numbers).
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Wed 18 Apr 2018, 18:42    Post subject:  

Bug list as usual with Puppy, way way too long.

Jwm and Rox are a great partnership but Puppy destroys that.

One example, add a rox panel to the top of screen and no matter what it will be covered by maximised windows, even if you set rox to leave space for the panel, or other associated settings (remain on top ..etc.).

Desktop drive icons if you set to be further up to allow for a larger tray - reset. Desktop icons, remove them and they reappear (I prefer the convenience of dropping icons into the rox panel so you can drag/drop there instead of having to showdesktop to drag to a desktop icon). Use jwm desk setup to edit jwm and add another jwm tray to the left say (I prefer Dock to be over there and have a bottom panel that auto hides and shows menu and tasklist), and Puppy decides to rearrange all that to how it thinks it should be arranged (that doesn't work). Bloat of all the gui's to tweak this and that simply ruin things. Far better to learn a bit of XML syntax and have just a few links to the relevant files (.jwmrc etc.) in which you can 'code' all of your startup commands and configuration. Usable only if you strip out much of the bloat.

But that's all aside from Pyro 0.9. Only issue I've found so far is that if you move a container to the rox panel and remove the desktop icon, it reappears on the dektop again at the next reboot. But again that's not Pyro but Puppy.

Something odd with seamonkey font size settings. Had super small fonts initially but after playing around with UserChrome.css both in the outside and inside of containers I got that settled.

UTC wasn't set by default so the first time I setup the clocks in my other boots were all out by a hour.

Pyro wise I've tried multiple creation/deletions/restores etc. and all seems to work well. I've mostly used terminal containers and just built and run things inside each container, running rox and seamonkey etc. and that's all worked well. Did try running as spot but that didn't work (nobody permissions on the spot folder).

Concept seems to be working well. Particularly like the introduction (simple/third part) text about containers, found the first two technical text documents to be a bit too glazing.
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Thu 19 Apr 2018, 09:49    Post subject:  

A workaround trick with a rox panel having maximised windows covering it is to create a second jwm tray using jwmdesk manager and put that for instance over to the far top right and then create a rox panel of the same height/background colour.

I set the bottom (main panel) to be central and autohide, increasing its height and just left the MENU, showdesktop, tasklist and xload in that tray. The top right tray I set to show the date and dock.

The rox panel (rest of top of screen) now remains visible when a window is maximised, and being a rox panel you can drag/drop files onto those icons (or use the middle mouse button to drag/move to rearrange those icons). Adding a icon to the panel is also just drag and drop
s1.png
 Description   
 Filesize   198.49 KB
 Viewed   527 Time(s)

s1.png

s.png
 Description   
 Filesize   246.09 KB
 Viewed   526 Time(s)

s.png

Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Thu 19 Apr 2018, 11:51    Post subject:  

This looks interesting xchroot http://www.elstel.org/xchroot/, saves on trying to get xhost localhost:0 type X redirections going between the standard pyro and the container

I changed spot password to one I'd know

passwd spot
spot
spot

I edited /usr/sbin/chroot so as to use xchroot instead of busybox chroot

and then created a sakura container

ec-chroot sakura

... which xchroot'd into a sakura session ... as root.

I then created a simple script ....

#!/bin/sh
login
exit

chmod +x that script and ran it. When prompted to login I logged in as spot (using the spot password I had set earlier).

Running leafpad and up popped the x-window for leafpad Smile

chroot not allowed. Type exit and the exit after the login command in the above script has it disconnect from the container session.

I've messed around with things so much that my current version of pyro is untidy so I'm going to re dd another fresh copy and see if can repeat the above in the same manner.

Conceptually whilst logged into a cli in the container I should be able to install firefox via PPM and then login as spot and run that ... at least that's my thought-train.
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Thu 19 Apr 2018, 19:58    Post subject:  

ssh/ssh-gui not X forwarding

I have a BSD server behind my main Virgin Hub (ISP providers router) that serves as my my server. I also have netsurf installed on that headless system. Another routers WAN connects to that Virgin Hubs WAN and all other PC's/systems connect to that second router i.e. LAD isolation.

More usually I ssh -XC user@192.168.1.x from one of the 10.0.0.x PC's that are behind the second router and then run netsurf and X is forwarded correctly i.e. a browser window is shown. echo $DISPLAY from the ssh cli typically shows localhost:10 or whatever. However using Pyro and both ssh and ssh-gui with X forward option selected show a empty $DISPLAY so running anything X over ssh doesn't work (xcalc, xedit, netsurf ..etc for instance just shows cannot open display).

Yes i did try turning off the firewall etc. And to confirm I did manage to ssh X using Lucid 525 that I used to post this).
s.jpg
 Description   
 Filesize   101.88 KB
 Viewed   439 Time(s)

s.jpg

Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 8551
Location: Perth, Western Australia

PostPosted: Fri 20 Apr 2018, 04:00    Post subject:  

rufwoof wrote:
I've messed around with things so much that my current version of pyro is untidy so I'm going to re dd another fresh copy and see if can repeat the above in the same manner.


One thing that needs to be improved, is the reFind boot menu, for UEFI-firmware PCs.

You have to press the F2 key to bring up a submenu, and then there is the option to "rollback".

Firstly, the sub-menu is not obvious, and I should really see if those items can be placed on the main menu.

Secondly, "rollback" actually wipes the read-write layer entirely (the .session folder), going back to a pristine first-bootup situation.
The description in the menu doesn't really state that.

Anyway, you could use that option to wipe everything, without having to do another install.

But it doesn't remove the containers, you would have to use the Container Manager to delete them.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 8551
Location: Perth, Western Australia

PostPosted: Fri 20 Apr 2018, 04:13    Post subject:  

Guys,
I am not being very responsive to feedback right now, will get onto it soon.

Currently working on getting many old "puppy apps" to compile with aarch64 (64-bit arm) on my fork of OpenEmbedded.

Blog post:
http://bkhome.org/news/201804/first-oe-aarch64-build-updates.html

Was very pleased this morning, when got 'gwhere' to compile. This is a very old gtk2 app, that has been in the pups from the early days, and I still have it in Easy/Quirky -- though, have no idea if anyone uses it!

Unfortunately, might have to retire inkscapelite. I got it to compile, for aarch64 in OE, and x86_64 in Easy -- but in latter case it crashed at startup.
The binary compile for April Quirky, in T2, still works.
Could trace it at startup, but more inclined to let it RIP.

What got me thinking about aarch64, is Google announced that Android will be all-64-bit by 2020, or something like that.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
stemsee

Joined: 27 Jun 2013
Posts: 2164
Location: In The Way

PostPosted: Fri 20 Apr 2018, 06:47    Post subject:  

I have just used EasyShare to connect on a public encrypted AP with my HP cherrytrail tablet and Panasonic Lumix FZ82 (4k bridge camera) to transfer files from camera to Easy-OS. Only one problem encountered - in the samba setup gui it does not mention that username must be specified from the other end, which is 'root'. Then connected and sent from the camera to the shared folder/directory. Great! Next time I will try direct connection and report.
Back to top
View user's profile Send private message MSN Messenger 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Fri 20 Apr 2018, 07:52    Post subject:  

Quote:
Something to think about, rover could be setup as default on all containers.

After setting up ssh and opening up ssh in the firewall etc. I was able to ssh log in as rover with X forwarding set (had problems with using -XC ssh command that implements authorisation, but -YC was fine, and being the same desktop -Y is fine).

Tried a few security things such as trying to sudo, su, run gparted ...etc. and they were all blocked as desired. Running programs such as galculator and the window popped up as expected.

Did try running seamonkey and seamonkey -no-remote, but both of those failed (segmentation dumps).
1.jpg
 Description   
 Filesize   61.33 KB
 Viewed   376 Time(s)

1.jpg

2.jpg
 Description   
 Filesize   56.68 KB
 Viewed   367 Time(s)

2.jpg

3.jpg
 Description   
 Filesize   11.5 KB
 Viewed   372 Time(s)

3.jpg

4.jpg
 Description   
 Filesize   42.09 KB
 Viewed   369 Time(s)

4.jpg

5.jpg
 Description   
 Filesize   50.73 KB
 Viewed   365 Time(s)

5.jpg

Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Fri 20 Apr 2018, 21:34    Post subject:  

I've set pyro to not auto login so I can login as either rover or root. Set .jwmrc up for rover along with a rox panel at the top and its working well.

Can alt-Fn between consoles and just have to exit-X and run xwin to switch between root and rover gui desktops.

Haven't got sound working yet and in rover it complains about /sbin/pup_event.ipc - but just flipping to the second desktop avoids that prompt, but otherwise rox, sakura, seamonkey, libre calc/write geany/leafpad, mtpaint and galculator all work fine under rover.
s.jpg
 Description   
 Filesize   44.5 KB
 Viewed   300 Time(s)

s.jpg

Back to top
View user's profile Send private message 
scsijon

Joined: 23 May 2007
Posts: 1317
Location: the australian mallee

PostPosted: Sat 21 Apr 2018, 05:56    Post subject:  

Do I need another driver or something for a Blu-ray drive (LG M-disc BH16NS55) with Pyro64 0.9? It's only working as a basic CD Drive at present.
Back to top
View user's profile Send private message Visit poster's website 
don570


Joined: 10 Mar 2010
Posts: 5020
Location: Ontario

PostPosted: Sat 21 Apr 2018, 11:24    Post subject:  

Tested version 0.9 and works well!!

Tested mypaint 3 and Blender 2.7.9
________________________________________

I put together a package of right click utilities
and made them available to Easy linux users
Right-click-Easy-6.9.0.pet

http://murga-linux.com/puppy/viewtopic.php?p=989333#989333

___________________________________________
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2323

PostPosted: Sat 21 Apr 2018, 18:12    Post subject:  

Pyro64 0.9. Running from a 2GB MMC card

Posted image using Firefox Quantum 59.0.2 from within a sakura container

Downloaded from firefox, extracted in /tmp and then copied the firefox folder over to the containers /usr/lib folder (/mnt/wkg/containers/sakura/container/usr/lib), started the sakura (terminal) container and ran the firefox executable.

Playing a youtube, but no sound (on screen suggestion is to install pulseaudio). Captured the image from outside of the container's mtpaint, resized and saved that to the containers /root folder - before posting here using tha container firefox window.
s.jpg
 Description   
 Filesize   89.33 KB
 Viewed   189 Time(s)

s.jpg

Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 43 of 50 [746 Posts]   Goto page: Previous 1, 2, 3, ..., 41, 42, 43, 44, 45, ..., 48, 49, 50 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Puppy Derivatives
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1419s ][ Queries: 13 (0.0335s) ][ GZIP on ]