Why I don't like running as root (in Puppy)

For discussions about security.
GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

Why I don't like running as root (in Puppy)

#1 Post by GuestToo »

it's better to run as a user than as root

root can do things a user can't ... like install viruses and trojans and root kits, or formatting drives ... lots of things you normally don't want to do

i was experimenting with running X as user spot
it seemed to work ok except rxvt wouldn't run

i read somewhere that the rxvt binary might need to be setuid root so it can connect to the X server ... i haven't tried it yet ... i tried things like xhost but it didn't seem to work

there are a few other problems running as spot ... spot can't change /etc/windowmanager, so windowmanager should be in $HOME ... files in my-documents belong to root, and spot can't change them or delete them ... spot would have trouble mounting and unmounting and writing to drives

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

One of the main reasons I like Puppy is its simplicity and ease of use. Running as root removes a pointless and annoying impediment to doing what I want with my computer.

I don't like Knoppix because it is designed to make it hard to run as root, which means it is difficult to use many of the programs in Knoppix. I guess Mr. Knopper just puts them in the OS because he likes them but he doesn't think anyone else should use them.

I live in a country where pretty much everyone who wants one owns a gun and a car, both of which kill and maim people by the thousands each day, not to mention the damage they do to the rest of creation. No one seems to care much, or even take much notice. So why is it such a big deal for me to run as root, in my own damn computer? If I screw it up, that's my fault. I wish more people would be like Barry and stop trying to protect me from my own stupid mistakes.

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#3 Post by GuestToo »

it's one thing to own a hand gun

it's another thing to keep a fully-loaded gun, cocked, and with a hair-trigger, on your coffee table next to the tv remote

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

GuestToo wrote:it's one thing to own a hand gun

it's another thing to keep a fully-loaded gun, cocked, and with a hair-trigger, on your coffee table next to the tv remote
....or smoke, which kills far more people than guns and drunk drivers put together yet is perfectly legal (even encouraged, in France :wink: ) on grounds of 'personal freedom' and 'personal responsibility.' Why can't I enjoy the same personal freedom with my own computer in the privacy of my own home?

Are you saying that me running as root somehow puts you at risk?

Bruce B

#5 Post by Bruce B »

If I screw it up, that's my fault. I wish more people would be like Barry and stop trying to protect me from my own stupid mistakes.
I like running as root. :)

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#6 Post by rarsa »

Note: The following opinion does not apply to Puppy as we already know why it does not matter in puppy to run as root.

For other distributions or OS's:

Running as root affects other people, not only you.

Of course, if it is a disconnected computer, you can only screw your own system, but it shouldn't be easy for a new user to do it.

If it is not a disconnected computer then you are risking other people on the same network if you run as root: Your mom, wife, coworkers, etc etc etc.

When you run as root:
- You can catch viruses more easily.
- Third parties can exploit vulnerabilities
- Trojan horses can open ports and start services

Even if it is only your computer connected to the internet, if you run as root you can get infected with a 'zombie' virus that can be used for DOS (Denial of service) attacks to third parties or for spamming.

Well, you get the idea: Having a compromised computer may affect other people.

A good Netizen should not leave a system running as root 'unattended'. Meaning: Only use root while you need to perform admin tasks, otherwise, use limited user.

Bruce B

#7 Post by Bruce B »

  • Running as root affects other people, not only you.
Frankly, I disagree that I am affecting anyone by running as root, in the context you suggest, i.e. on other distributions.

When I used to run Windows 9x, I never got infected with a virus or a trojan. I use Windows 9x as an example because it is as if one is 'root' in terms of permissions. In most cases the infection is a user interaction. Not something that just happens. That is one reason why I never got an infection.

If I never got a trojan or virus infection with Windows, realistically speaking, what would be the odds of me getting infected with Linux?

As far the third party exploits you mention, this implies someone can gain illicit access to my computer remotely. How do you suppose they could do that?

Scanners can locate my computer by IP address and try various exploits to gain access. My log file shows these attempts happen with regularity. There are no open doors (ports) or software waiting to respond to the access attempts (except 113 and 8 that I'm aware of). Even if there were service ports or open ports, my router would not pass requests to the ports on my computer, unless I set it up to do so.

There are some potential exploits with web browsers, but most of them are ActiveX or Java script. I don't have ActiveX. Java script is enabled on a case by case basis, via an extension.
  • A good Netizen should not leave a system running as root 'unattended'
Actually, I am a good Netizen. My computer is also, meaning to say there are no trojans running on it. I sleep with the computer running as root and it's connected to the Internet 24/7.

Your statement about leaving the system 'unattended' causes me to think you have a belief that people can remotely access your Linux computer when you are running as root without an interaction on your part.

How so?





Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

Safety

#8 Post by Lobster »

Many thanks for those explanations, Bruce. I know that when I first started with Linux, getting into it was difficult enough for me, let alone anyone else . . .

There is a thread somewhere on changing from root to spot (I seem to remember) or creating another user for those so inclined.

One thing we can all do is run the morizot firewall wizard, which I believe closes any open ports until they are required (this is one of the wizards)

One of the reasons I am no longer using Windows is the amount of time dedicated and required to maintain a system free of malware.

If anything did happen, I guess I would get rid of the pup001, turn the machine off (no log out) and reboot.

Here is our info, anyone please add to it if you have ideas or suggestions
- there are a couple of tests you can run
http://www.goosee.com/puppy/wikka/Security

- in fact our previous wiki was spammed and we went over to this new one which has been fine - one spammer. We just rolled back that page
That of course does not affect Puppys - just the page is full of dubious links for a short while

If you look in Puppy help menu under utils - you will find TinyLogin
maybe that would be useful for some people (perhaps several people using one Puppy)

Also in 1.0.4 (due this week) the pup001 can be renamed, relocated (perhaps on a removable keydrive?) for those requiring max privacy

8)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Bruce B

#9 Post by Bruce B »

Lobster, there are many sites with services to test your ports. Here is a link to a good one:

http://www.grc.com/stevegibson.htm#projects

Then find the Shields Up link and click on it to test your ports to see which, if any, are open.

Unwanted outbound connections are a different subject, they usually occur to advertisers and trackers while using the web-browser, also possibly Realplay makes oblique connections.

I can show you for example, how to never get another doubleclick ad for the rest of your life. But outbound connections will be in another topic.

Bruce B

#10 Post by Bruce B »

From the wiki:
  • The site www.grc.com has ShieldsUp!, a product that will test the security of your computer while connected to the Internet. ShieldsUp! basically performs 3 tests: "file sharing", "common ports" and "service ports". Without the firewall running, Puppy "failed" the second two tests, as although all ports are "closed" they are not "hidden". Also, Puppy responded to ping requests. These failures are not necessarily a problem and Puppy is still secure.
I should mention that Steve Gibson wants what he describes as a 'stealth' port as his standard. Meaning that the scanner cannot even see that the port exists. A few years back some firewall vendors were happy to close a service port. But ZoneAlarm came along with some technology that 'stealthed' the port. Steve's site and the stealth idea put pressure on other firewall vendors to stealth the ports. So today Windows firewalls stealth the ports.

A totally stealthed machine means in effect that the only thing that can be known about your computer is the IP address exists. But a scanner can't find any port to talk to. Simply stated, a stealthed port doesn't talk back period.

A closed port will in effect say "closed" to the scanner, this means that there is some software routine on the port or it would not communicate 'closed'.

The scanner could try to get it to open and provide services. The chances of success are very poor IMO. But you can google to learn more about the closed port as it pertains to Linux.


This total stealth condition is usually a result of having a good firewall.

A closed port is interpreted as a failure on Steve's scanner. It, as I think you know, is not a failure. It only means that the scanner can see that the port exists and that it is closed. With this information it can try various exploits on that port.

If you find an open port or a closed port you can Google for what that signifies on a Linux machine.

I'd like to try G2's new firewall script. I don't think I need a firewall because the router pretty well protects the computer. But I love to tinker and a firewall script would be something to tinker with.

I've read recently about malformed jpgs causing buffer overruns and allowing hacking. This is more of a discovery than an actual happening. Software is being rewritten to handle this potential.

I think it has been handled with Firefox. I clean all the jpgs I plan to keep. Even if Gimp has a problem and I don't know that it does, it will not be fed a malformed jpg.

I like running Top in Puppy to see what processes are running and how much CPU they use, etc.

After a while you will become familiar with what software normally runs and you know which ones you are using.

With this familiarity, if something strange shows up you will be able to recognize it.

Changing the subject of things to worry about. Yesterday I was hiking and a long and very fat rattlesnake was laying in my path. I thought it would be best to not step over it. I wasn't in the mood to kill it. So, I approached it thinking it would get afraid and take off.

It wasn't the least bit afraid. It simply coiled in the strike position. I kept back of striking distance and wondered if it would come after me. But I could hardly imagine that. (I carry a hiking stick to stand between me and a potential predator.)

After about 90 seconds of facing off, he decided to uncoil himself and wander into the brush and let me by. But he did it so slowly, without the least bit of fear.

Anyway - it's all good.
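
An added example, not part of the original post: the open / closed / stealth distinction discussed above, as it looks from the connecting side. At the TCP level a closed port answers a connection attempt with a reset sent by the operating system's network stack, while a stealth (filtered) port sends nothing and the attempt times out. The function names are assumptions made for this sketch, and the demo only touches the loopback interface of the machine it runs on.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port the way a connect-style port test sees it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        # A TCP reset came back: the host is there, nothing is listening.
        return "closed"
    except socket.timeout:
        # No reply at all: a firewall dropped the packet silently.
        return "stealth"
    except OSError as exc:
        # An ICMP "unreachable" reply, e.g. from a firewall REJECT rule.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    else:
        # The three-way handshake completed: a program accepts connections.
        return "open"
    finally:
        sock.close()


def local_demo():
    """Probe one loopback port with and without a listener bound to it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = tcp_port_state("127.0.0.1", port)
    listener.close()
    without_listener = tcp_port_state("127.0.0.1", port)
    return with_listener, without_listener


def check_own_host(ports, host="127.0.0.1"):
    """Return {port: state} for a list of ports on this machine."""
    return {port: tcp_port_state(host, port, timeout=1.0) for port in ports}


if __name__ == "__main__":
    print("listener bound / listener gone:", local_demo())
    # Ports named in this thread, checked on the local machine only.
    for port, state in check_own_host([21, 22, 80, 113, 1026, 1027, 8080]).items():
        print(port, state)
```

Run against loopback, the ports without a listener normally report "closed", because a local firewall's drop rules usually apply to traffic arriving from outside; "stealth" is what an external test sees once such a rule is in place.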

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

On the role of ports in networking

#11 Post by Flash »

The whole 'port' thing is a major revelation. By that I mean that the scheme of ports, what they do and how they work, is central to networking and especially the use of the internet, yet it is barely mentioned in the literature that is meant for beginning computer users to read. I didn't know they existed for several years after I started using a computer, and, after it began to dawn on me that they play a central role in networking, I still had a hard time finding an explanation of them.

Perhaps if writers of 'how-to' articles and books for beginners would give ports their proper place and explain what they are and how they work, people would have a better idea of why certain exploits work and how to guard their system against them.

Ian
Official Dog Handler
Posts: 1234
Joined: Wed 04 May 2005, 12:00
Location: Queensland

#12 Post by Ian »

To me the easiest way to use Puppy and not have to worry about anyone getting into my box would be to remove the HD and just use the live CD.

As my box sits on the bench beside me with the sides removed to facilitate swapping the 8 or so HDs that I use, removing the HD is no problem and I don't know how much harm an intruder could cause just by being in RAM.

If they could attack any part of your box apart from the HD they would be doing it already.

As I run behind a firewall and only use Puppy for the internet I don't seem to have any problems but that is not to say that nothing can happen, when and if it does I'll deal with it.

I run more risk of losing data through HDs frying on me than from outside attacks and that's why I have a file server.

In relation to ports all the info is available if you read the Linux HowTo Firewall & Proxy Server the only thing being that you will have to read up on iptables to stay up to date.

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#13 Post by rarsa »

Bruce said
Your statement about leaving the system 'unattended' causes me to think you have a belief that people can remotely access your Linux computer when you are running as root without an interaction on your part. How so?

There is a difference between belief and certainty. If you are running as root you actually require extra 'interaction on your part' to avoid intrusion.

How so, you ask? I am not a security expert or hacker. - I've just read a couple of security books and attended a couple of sessions at conferences - but... If people weren't able to remotely access your computer, there wouldn't be a need for firewalls.

I am glad that you have taken all those steps to protect your computer. I also run behind a hardware firewall, so I am not too concerned about running as root. I am also careful with what I download, open and run and I haven't been infected with a trojan in Windows.

My educated belief is that you require more knowledge and more 'interaction on your part' to run as root and still be protected. Remember that not everyone has a hardware firewall or understands how to correctly configure a software one. Many less technically savvy users open ports without understanding the risk. Actually, even security experts keep learning new risks they did not know about.

Of course if you know what you are doing, running as root is OK. And it seems that you do. But don't assume that most people do.

Run each process with as little privilege as it requires.

That is a rule of thumb. If it does not apply to you, great. Just don't assume that it does not apply to anyone.

You've taken steps to protect your computer and learned how to be a good netizen. Then I don't understand how you can suggest that running unprotected is good netizenship. By definition running as root unprotects a system. (All the extra steps you have taken either protect the network or are based on educated decisions.)

It's like saying that because nobody has slipped in front of your house in winter it is not good citizenship to shovel and melt the ice.

Bruce B

#14 Post by Bruce B »

I could talk shop and generally prefer to, but I don't want to lose sight of my point of contention.

It is not socially immoral or wrong to run your personal computer as root. I run Puppy as root with no password even. I run Vector as root with no password. I run Suse with a password because it's bossy and makes me do it.

If you wish to maintain the position about other people being affected or bad Netizenship, I think it fair to ask you to back up this moral stance with some specifics.
  • 1) who got affected remotely because someone else was running their personal computer as root, where they would not have been affected otherwise?

    2) when and where did it happen?

    3) what was the nature of the adverse effect?

    4) if possible, how was it that running as root caused the problem?

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#15 Post by BarryK »

An interesting note about ShieldsUp:
I originally tested it back around Puppy version 0.6, when Puppy apps were compiled on RedHat 8.0, and I think it was Mozilla 0.9.8.
When Linux Firewall was installed, ShieldsUp reported total stealth, that is, ALL ports were in stealth mode. It reported Puppy as totally hidden.
I can't achieve that anymore, and I'm not knowledgeable enough in the field to understand why.

Note, we aren't using Linux Firewall anymore, replaced by Morizot, as the former wasn't installing properly -- rather, the graphical installer is faulty, but the firewall does work if manually installed, except can no longer get the total stealth mode of all ports.

A note about running as root:
It's very contentious.
The real Puppy, the mascot for Puppy Linux, was a very tiny dog, a Chihuahua, but totally fearless. He didn't seem to know that he was vulnerable because of his small size.
Once when my sister was visiting my country property, she brought her Blue Heeler, a very solid middle-sized dog named Muti. We were out walking, and suddenly there was a substantial rustling of branches of a large bush, something was in or behind the bush. Muti took fright and ran back behind the legs of my sister, whereas Puppy got into launch position in front of the bush and barked furiously. It turned out to be my dad playing a trick on the dogs.
Puppy used to chase kangaroos and other big wild animals.
Totally fearless, but perhaps that is what did him in in the end.

Anyway, Puppy Linux is like that, reckless, unshackled, in memory of the mascot, even though we know there's some risk.

Having said that, we probably do need to generally move in the direction of being more protected.

Bruce B

#16 Post by Bruce B »

Michael Robertson CEO of Linspire has had lots of criticism setting up the OS to run as root.

It is also a fairly major distro. Read what he has to say here:

http://info.linspire.com/askmichael/question9.htm

-----------------

More on my arguments;

Argument 1
  • What do I want to protect? For the most part I want to protect user files. If I value my user files I should have regular back-up procedures in place. Meaning, methods of protecting my important documents and files.

    I'm not particularly worried about losing system files. I have the Puppy, Suse, and Vector CD-ROMS within arms reach.
Argument 2
  • It is not necessarily easier to intrude on root than it is a user. For example, suppose there were a way of gaining control over my computer through Firefox. The exploit would be just as successful on root as it would be a user.

    The hacker, if he gained my level of permissions and access, could read, write and execute anything I can read, write and execute. My user documents, the most important documents are at his mercy.
Argument 3
  • If my computer was intruded on, I would consider it compromised. I'd want to clean house and figure out how it took place and put the preventive measures in place.

    Regardless of if the computer was compromised with me a user or root, it is still a compromised system.
Argument 4
  • It is not happening. Personal computers running Linux and not running services such as proxies, ftp, http are simply not being exploited to any significant degree, although the services they run are targets.

    My computer gets hit often several times an hour. Fully 90% of the hits are on ports 1026 and 1027. Many of them are from China and Japan. There is a big exploit there on XP - the DCOM services for people who have not applied the patches.

    DCOM doesn't exist in Linux and it is not bound to these ports. There is nobody home to answer the door for the hackers.

    Reference: http://grc.com/port_1026.htm

    Other ports are 21, 80, 8080, 22 and a range of ports for known Windows trojans. I've never seen a scanner scan 65535 ports. They go for known ports with exploits and those are almost without exception, known Windows trojans, robots, and other Windows exploits. Of course non OS specific common service ports.

    We are not running this software, and that is the primary reason there is not much to concern ourselves with.

    Sort of like having a cabin in the wilderness and no one ever has come around to bother you.

    Also, gaining access to an open port doesn't mean a successful hack. Port 8 the ping port is software written to respond to ping requests. It is not going to edit a graphic file, hand over root's password or allow entry to the system.
Changing subject to something fun.
  • I used to run an unprotected HTTP server for the public. It was specially written to always say yes to the hackers and give them an error code of 200 and hand them a clear 1x1 Gif file. Plus log all their activities.

    The hacker script would send requests like ../../cmd.exe and all kinds and combinations of CGI script exploits. My HTTP server would always say OK and immediately hand them the GIF image. That is all it was programmed to do, say yes to everything and give it an invisible GIF image.

    Not to mention, keep precise and detailed logs of everything the hacker would do. This way I could tell with precision what was being done. The hacker getting good feedback on his end would go the whole nine yards with his scripts and techniques.

    The point being that even having the software bound to the port and servicing the hacking industry, it was safe because it wasn't actually going to let someone in. It wasn't programmed that way.
Everything is good.
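
An added example, not code from the original post or its author: a minimal sketch of the kind of "always say yes" HTTP listener described above, which answers every request with status 200 and a 1x1 GIF and logs what was asked for. All names (`SinkHandler`, `SinkServer`, `start_sink`, the log file name) are assumptions made for this sketch, and it binds to loopback unless told otherwise.

```python
import base64
import json
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Well-known 1x1 transparent GIF, decoded once at import time.
PIXEL = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")
MAX_BODY = 4096  # cap on how much request body is read and logged


class SinkHandler(BaseHTTPRequestHandler):
    timeout = 5  # drop clients that stall instead of tying up a thread

    def _answer(self):
        try:
            length = max(int(self.headers.get("Content-Length", 0)), 0)
        except ValueError:
            length = 0
        body = self.rfile.read(min(length, MAX_BODY)) if length else b""
        # The path is only recorded. It is never mapped to a file or passed
        # to a shell, which is why answering "yes" to everything is harmless.
        self.server.record({
            "ts": time.time(),
            "client": self.client_address[0],
            "method": self.command,
            "path": self.path,
            "user_agent": self.headers.get("User-Agent", ""),
            "body": body.decode("latin-1"),
        })
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(PIXEL)

    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _answer

    def log_message(self, fmt, *args):
        pass  # silence the default stderr log; record() is the only log


class SinkServer(ThreadingHTTPServer):
    def __init__(self, addr, log_path=None):
        super().__init__(addr, SinkHandler)
        self.events = []
        self._lock = threading.Lock()
        self._log_path = log_path

    def record(self, event):
        # json.dumps escapes control characters, so a crafted request body
        # cannot forge extra lines in the log file.
        line = json.dumps(event)
        with self._lock:
            self.events.append(event)
            if self._log_path:
                with open(self._log_path, "a", encoding="utf-8") as fh:
                    fh.write(line + "\n")


def start_sink(host="127.0.0.1", port=0, log_path=None):
    """Start the sink in a background thread; port 0 picks a free port."""
    server = SinkServer((host, port), log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_sink(port=8080, log_path="sink.jsonl")
    print("listening on", srv.server_address)
    threading.Event().wait()  # block until interrupted
```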

edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA

#17 Post by edoc »

Bruce B wrote: If you wish to maintain the position about other people being affected or bad Netizenship, I think it fair to ask you to back up this moral stance with some specifics.
  • 1) who got affected remotely because someone else was running their personal computer as root, where they would not have been affected otherwise?

    *The lists run in the thousands, including major business and government sites. Where have you been? It has been all over the news for years.

    2) when and where did it happen?

    *All over the world.

    3) what was the nature of the adverse effect?

    *Lost data, stolen private data, lost business, wasted taxes due to harm to government productivity (already minimal), compromised security, compromised safety.

    4) if possible, how was it that running as root caused the problem?

    *Allowed hackers to use the host computers to attack systems and find their vulnerabilities, or allowed them to overwhelm and shut down systems.

    *I apologize for sounding harsh but I cannot imagine any computer literate person being unaware of the massive harm that has been occurring across the world because of unsecured personal and business computers.

    *I just ran everything on ShieldsUp on my Suse laptop. 100% secure.

    *Carefully climbing down off my soapbox ... doc

Rich
Posts: 278
Joined: Wed 04 May 2005, 19:00
Location: Middlesbrough - UK

#18 Post by Rich »

edoc wrote:
Bruce B wrote: ............... wasted taxes due to harm to government productivity
That one doesn't apply over here in England. Our Government has little or no beneficial productivity anyway and don't need an excuse to waste our taxes.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#19 Post by Flash »

edoc, you make a lot of assertions but don't give any concrete examples. I would really appreciate it if someone could cite an instance where browsing the internet while running as root is the reason a computer was compromised, or caused more damage when it was compromised than if it had been running as a user with less privileges than root. Until I see some real data, I'm going to side with Bruce B.

Besides, Puppy is a special case. If I don't install Puppy to the hard drive, but instead run from the CD, and I'm the only user, then I think the argument about the dangers of running as root needs to be revisited. Mr. Knopper made it so hard to run as root in Knoppix that I found Knoppix to be all but useless. When I heard about Puppy (in the Knoppix forum) I tried it out and never went back to Knoppix.

Running as root certainly isn't the only reason I like Puppy better than Knoppix, but it definitely is a big one. It's hard enough for me to get things to work; why make it more complicated unless there is some provable benefit?

edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA

#20 Post by edoc »

Flash wrote:It's hard enough for me to get things to work; why make it more complicated unless there is some provable benefit?
On this point we agree for sure! ;-) :-) :-\

doc
