Real men run as root

News, happenings
Message
Author
Emeritus
Posts: 2
Joined: Sat 18 Mar 2017, 03:34

Real men run as root

#1 Post by Emeritus »

Is Puppy still run as root?
There is a report on Gentoo forums about successful break-in into a computer ran as root.
Methinks the times when Linux was relatively secure to be run as root are over, for good.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#2 Post by musher0 »

Hello Emeritus.

Oh, I think in this forum we've been touching on this subject every 28
days. It's like PMS, IMO. Now it's your turn to have cramps... :roll:

Do a search with the forum search engine, the answers to your question
are already there.

As former member and Puppy developer gposil once said (or something
like it), about six years ago:

"If you think running Puppy as root is a risk,
don't use it."


Regards nevertheless.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#3 Post by slavvo67 »

I've actually started moving my browsers to Spot. Why? Eh, why not?

It's there... it has no noticeable negative affect and those pesky Chromium, Chrome, Iron, etc. sandbox issues seemed to go away....

Not afraid of running Root but I'm pretty happy with my browsers running via Spot.

Emeritus
Posts: 2
Joined: Sat 18 Mar 2017, 03:34

#4 Post by Emeritus »

Yes I think running as root is a risk. And this risk is increasing. The Gentoo computer that got owned wasn't taken over by a Windows virus. It was a piece of badware targeting Linux systems and it successfully encrypted user files.
The world is changing and IMHO you are hiding your head in the sand.

User avatar
drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#5 Post by drunkjedi »

Got link to that break in report?

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#6 Post by slavvo67 »

All my important items are backed-up in 3 places, so I have little concern for such but I'm careful where I go and what I add to my machines.

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#7 Post by Flash »

Emeritus wrote:...The Gentoo computer that got owned wasn't taken over by a Windows virus. It was a piece of badware targeting Linux systems and it successfully encrypted user files....
Was this Gentoo computer that got broken into running as root? That's what we're discussing here.

User avatar
fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#8 Post by fredx181 »

It's here discussed, I guess:
https://forums.gentoo.org/viewtopic-p-8 ... 5e54e25294

Caused by browsing the net as root or... :?:

Fred

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#9 Post by rufwoof »

Having moved over from DebianDog to a more pure form of Debian frugal ... and it was a right PIA at first. Kept hitting permissions failures after making edits - 'annoying' to put it politely.

After a while however and it became second nature. Clickable link/icon to open a root terminal. Right click option in PCmanFM to open as root. All the rest run under 'user'.

Some programs such as VLC, Pulse Audio ...etc. don't like to be run as root. You can fix that, at least for VLC with a relatively simple edit however. Many of the weaknesses of running as root equate to the risk of a local escalation of 'privileges risk' ... but if you can already easily access root anyway and just use your box as a single user box, those risks are immaterial.

Running a browser as user is a good idea IMO. As the browser is the more likely point of entry/weakness. Puppy (or other frugal boot alternatives such as the Debian frugal I run) that can be shutdown with no saving of changes however is a barrier to deeper level breaches/trojans. Such that one of Puppy's weaknesses (if you want to consider running as root as being such), is offset by one of its strengths (frugally booted).

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#10 Post by jamesbond »

Most importantly is **don't** run network programs with the same user account that keeps your data.

Explanations here: http://distro.ibiblio.org/fatdog/web/faqs/login.html.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

step
Posts: 1349
Joined: Fri 04 May 2012, 11:20

#11 Post by step »

jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
Including wine network programs (wine-HQ recommend not to run wine as root at all).
[url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Fatdog64-810[/url]|[url=http://goo.gl/hqZtiB]+Packages[/url]|[url=http://goo.gl/6dbEzT]Kodi[/url]|[url=http://goo.gl/JQC4Vz]gtkmenuplus[/url]

User avatar
fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#12 Post by fredx181 »

jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
Do I understand well?:
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?

Fred

User avatar
tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#13 Post by tallboy »

I have always been root. But I guess running live with no savefile put me in a different league...
True freedom is a live Puppy on a multisession CD/DVD.

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#14 Post by dancytron »

fredx181 wrote:
jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
Do I understand well?:
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?

Fred
From reading Jamesbond's posts in the past, I think his point is that no matter what user you are running as, for maximum security, you should browse as a different user.

So if you are running as a normal user, you should still use a different user to browse, since even if your normal user doesn't have root access it still has access to your data and your data is what is important.

Hopefully he'll correct me if I've completely misunderstood him.

User avatar
bigpup
Posts: 13886
Joined: Sun 11 Oct 2009, 18:15
Location: S.C. USA

#15 Post by bigpup »

The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected :shock:
YaPI(any iso installer)

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#16 Post by Lobster »

I have always run as root.

If I was a real man I would run Puppy and wearing a kilt. 8)

Puppy are not totally geek but most know the historical difference between root on server and terminals and a savvy root user. That is why Puppys are safe and Gentoo and other big dogs are not. Too much yapping, not enough knowledge. Puppy is an education, not opinion, geek mantras and platitudes . . .

Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
Over 30yrs programming in dozens of languages from assembly to Oracle database administration, and I've found nothing more secure and reliable than Puppy Linux.
If you run Puppy in ram loading in from DVD/SD card/USB keydrive and save your data on a separate media, you are in a very robust system.

I am not interested in security but provided GROWL (new version in beta) as a way to placate and educate - just as I am kindly supported and educated by our rottweilers in tin hats (protectors of Puppy).
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#17 Post by fredx181 »

Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred

belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#18 Post by belham2 »

fredx181 wrote:
Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred

Awe, shucks, Fred, here's the most foolproof system: James is always saying to not run network with the same user that has the data. Well, hmmm.......What if a person has NO DATA, as in his head is a blank slate. his brain too, which is reflected in his pup & pup-related uses, then he has no worries. Be Hapskee, he says, life is good. Even if they bio-magically came in thru the keyboard into his brain, they'd find NO DATA there either and would desparately be searching for his wife to find some data of value :)

.....Of course, I am not saying the above person is me...... :lol: :wink:

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#19 Post by musher0 »

I think we scared "Emeritus" (the OP) away! (hehe)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

User avatar
drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#20 Post by drunkjedi »

Maybe he is just enjoying on sidelines.

Post Reply