The monster flailed and growled and the people declared its dire rants as baseless rantings, an abomination speaking in tongues. The pitchforks came out and destroyed the creation, but what did we learn from this monster?
Let's recap.
roofwoof suggested that there isn't sufficient separation of privileges between spot and root on both puppies and dogs, even going so far as to suggest that it might not be that hard to break out of Barryk's easy containers. The claim was that spot could eavesdrop on both the root terminal and the xserver. He also claimed that fatdog64 best handled this privilege separation.
To better understand this, "s243a" noted that on stretchdog, user "puppy" couldn't run GUI apps without disabling X security via "xhost +" or via some more complicated procedure that would make it difficult for new users to run GUI apps without root permissions.
Wiak responded to s243a by saying that "xhost +" was a quick and dirty way to achieve this, but the proper way to achieve it was either via xdm or ssh forwarding. He also noted that in general puppy connects to the xserver insecurely.
Anyway, no info was given about the privilege-escalating attacks suggested by roofwoof, but let's follow roofwoof's critiques further (baseless or not) and look at how fatdog64 handles running a browser as spot. Then we can look at how a typical puppy does it and compare the strengths and weaknesses of each approach.
If you look at the desktop file for firefox in fatdog64 you see the following lines of code to start the application:
/usr/share/firefox/firefox.desktop

```ini
...
Exec=firefox-spot %U
...
```

```sh
# which firefox-spot
/usr/bin/firefox-spot
```

```sh
#!/bin/dash
exec /usr/bin/run-as-spot /usr/bin/firefox "$@"
```

/usr/bin/run-as-spot

```sh
# Fall back to root's X cookie file when the caller has not set one
[ -z "$XAUTHORITY" ] && XAUTHORITY=/root/.Xauthority
# Hand spot its own copy of the X cookie so it can talk to the X server without "xhost +"
[ -e "$XAUTHORITY" ] && cp $XAUTHORITY $SPOT_HOME/.Xauthority &&
chown spot:spot $SPOT_HOME/.Xauthority &&
export XAUTHORITY=$SPOT_HOME/.Xauthority
# Keep spot's config, cache and data under spot's home rather than root's
export XDG_CONFIG_HOME=$SPOT_HOME/.config
export XDG_CACHE_HOME=$SPOT_HOME/.cache
export XDG_DATA_HOME=$SPOT_HOME/.local/share
mkdir -p $XDG_DATA_HOME; chown spot:spot $XDG_DATA_HOME
export FATDOG_STATE_DIR=$SPOT_HOME/.fatdog
# Re-quote the arguments so they survive the trip through su -c
set -- "$(eval_safe_quote "$@")"
exec su spot -s /bin/dash -c '
```
The full script I copied to the above link. Note that I'm not sure this is the latest, since I kept the same save file when I upgraded. It isn't obvious to me from the above that xdm is being used as wiak suggested, and not knowing enough about X security I won't say whether or not the above way is a good way to run applications as spot. Rather, I'll leave it to other users to comment.
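One thing the `cp $XAUTHORITY $SPOT_HOME/.Xauthority` step above does is hand spot every cookie in root's file, not only the one for the display the browser will actually use. The following Python is an added example, not Fatdog's code, that decodes the .Xauthority file format and builds a copy that carries only the cookie for one display; the sample file, hostname and cookie bytes are constructed for the example.

```python
import struct

FAMILY_LOCAL = 256  # address field holds the hostname; the usual entry for a local X server


def _read_field(buf, pos):
    """Read one length-prefixed (big-endian u16) field starting at pos."""
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n], pos + n


def _write_field(data):
    return struct.pack(">H", len(data)) + data


def parse_xauthority(blob):
    """Decode .Xauthority bytes into entries: family, address, display number, auth name, cookie."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        address, pos = _read_field(blob, pos)
        number, pos = _read_field(blob, pos)
        name, pos = _read_field(blob, pos)
        data, pos = _read_field(blob, pos)
        entries.append({"family": family, "address": address,
                        "number": number.decode(), "name": name.decode(), "data": data})
    return entries


def serialize_xauthority(entries):
    """Encode entries back into the .Xauthority wire format."""
    out = b""
    for e in entries:
        out += (struct.pack(">H", e["family"]) + _write_field(e["address"])
                + _write_field(e["number"].encode()) + _write_field(e["name"].encode())
                + _write_field(e["data"]))
    return out


def cookies_for_display(blob, display_number):
    """Return a file holding only the cookies for one display, i.e. what the unprivileged user needs."""
    wanted = [e for e in parse_xauthority(blob) if e["number"] == str(display_number)]
    return serialize_xauthority(wanted)


# Constructed sample: root's file authorises two local displays, :0 and :1.
COOKIE_DISPLAY_0 = bytes([0x11]) * 16
COOKIE_DISPLAY_1 = bytes([0x22]) * 16
SAMPLE_XAUTHORITY = serialize_xauthority([
    {"family": FAMILY_LOCAL, "address": b"fatdog-host", "number": "0",
     "name": "MIT-MAGIC-COOKIE-1", "data": COOKIE_DISPLAY_0},
    {"family": FAMILY_LOCAL, "address": b"fatdog-host", "number": "1",
     "name": "MIT-MAGIC-COOKIE-1", "data": COOKIE_DISPLAY_1},
])
```

Writing `cookies_for_display(SAMPLE_XAUTHORITY, 0)` to spot's `.Xauthority` with mode 0600 and `chown spot:spot` gives spot access to `:0` only, while a plain `cp` of root's file would also leak the `:1` cookie.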
As a side note, the above approach requires that the user have a home directory, so if I created a system user called tor-browser the above approach wouldn't work. One might want to create a system user called tor-browser if they wanted to use iptables to restrict the network traffic of said browser to only connect through either tor or a proxy. A proxy may be used instead of tor if they wanted to prevent the tor browser from connecting to clearnet sites.