pfix=ram does not make you invincible
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
pfix=ram does not make you invincible
A common idea around Puppy is that you are invincible when running with pfix=ram. The OS is entirely in ram and the drives are all unmounted. Nothing persists.
I say to you: don't be complacent.
First of all, partitions don't need to be mounted to be modified. Programs that work on the drive at a very low level, such as dd, fdisk, parted, and mkfs.* don't care if it's unmounted (in fact they prefer it).
Second of all, those unmounted partitions could simply be mounted.
In a normal Linux, you would be somewhat protected from those vectors of attack because they require root privileges. In Puppy, however, you run as root by default...
This isn't a criticism. As I have said in the past, I support Barry's choice to make Puppy root by default. (I do believe it would be nice if we had improved support for running as other-than-root built in however.)
I simply wish to make sure that nobody becomes complacent and believes that pfix=ram makes them totally invincible. It makes a huge difference, but there are still plenty of ways for your computer to be borked from pfix=ram mode.
If you want to play around in an environment where you really can't bork the computer, you should look at virtual machines. Assuming a bug-free implementation, you can boot a Puppy with Qemu and do anything you want. Unless you tell Qemu to give the virtual machine access to real devices, it can't touch them. (It can access the network by default, however. That can be disabled, IIRC.)
This public service announcement was sponsored by cake.
I say to you: don't be complacent.
First of all, partitions don't need to be mounted to be modified. Programs that work on the drive at a very low level, such as dd, fdisk, parted, and mkfs.* don't care if it's unmounted (in fact they prefer it).
Second of all, those unmounted partitions could simply be mounted.
In a normal Linux, you would be somewhat protected from those vectors of attack because they require root privileges. In Puppy, however, you run as root by default...
This isn't a criticism. As I have said in the past, I support Barry's choice to make Puppy root by default. (I do believe it would be nice if we had improved support for running as other-than-root built in however.)
I simply wish to make sure that nobody becomes complacent and believes that pfix=ram makes them totally invincible. It makes a huge difference, but there are still plenty of ways for your computer to be borked from pfix=ram mode.
If you want to play around in an environment where you really can't bork the computer, you should look at virtual machines. Assuming a bug-free implementation, you can boot a Puppy with Qemu and do anything you want. Unless you tell Qemu to give the virtual machine access to real devices, it can't touch them. (It can access the network by default, however. That can be disabled, IIRC.)
This public service announcement was sponsored by cake.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
I want cake
We do try and educate ourselves
We are generally not running servers
passing along Windows files
That is why Linux has virus checkers - to check
it is not carrying files that it is immune to but could infect the Redmond sheep.
Many of us insist on running from HD
from old habits.
(HD = hard disk - not High Definition in this case)
Some need to use HD for speed
and memory.
Many are better served with a
CD/DVD or multisession Puppy running
- hence the 'puppy pfix=ram' option
at boot up
Using 'puppy pfix=ram' and a new
(not existing save file) I would feel
my cake is safe
Then I would run the firewall
(I have a router firewall) but let us put the firewall
on
I am not yet connected to the internet
but let us have two firewalls
. . . and be running a non Windows OS
Personally I would feel safe
I would then connect to 'The Internet'
(warning may contain . . .
all kinds of things)
- viral ads, time traveling lobsters
dubious images
I would not bother with GROWL
http://www.murga-linux.com/puppy/viewto ... 79&t=45884
Now put on your mind control device
and enjoy baking your cake
http://www.biotele.com/mind_readers.html
More Mind control News
http://tmxxine.com/www/
We do try and educate ourselves
We are generally not running servers
passing along Windows files
That is why Linux has virus checkers - to check
it is not carrying files that it is immune to but could infect the Redmond sheep.
Many of us insist on running from HD
from old habits.
(HD = hard disk - not High Definition in this case)
Some need to use HD for speed
and memory.
Many are better served with a
CD/DVD or multisession Puppy running
- hence the 'puppy pfix=ram' option
at boot up
Using 'puppy pfix=ram' and a new
(not existing save file) I would feel
my cake is safe
Then I would run the firewall
(I have a router firewall) but let us put the firewall
on
I am not yet connected to the internet
but let us have two firewalls
. . . and be running a non Windows OS
Personally I would feel safe
I would then connect to 'The Internet'
(warning may contain . . .
all kinds of things)
- viral ads, time traveling lobsters
dubious images
I would not bother with GROWL
http://www.murga-linux.com/puppy/viewto ... 79&t=45884
Now put on your mind control device
and enjoy baking your cake
http://www.biotele.com/mind_readers.html
More Mind control News
http://tmxxine.com/www/
Re: pfix=ram does not make you invincible
was it fruitcake by any chance?Pizzasgood wrote:
This public service announcement was sponsored by cake.
Re: pfix=ram does not make you invincible
ho hum, what was i thinking, obviously it was a piz-za-cake.aarf wrote:was it fruitcake by any chance?Pizzasgood wrote:
This public service announcement was sponsored by cake.
you better be careful pizza,slandering your puppy like that could have unexpected consequences:Man Shot By His Dog
All my information written on a sheet of paper and locked in my desk drawer doesn't make me invincible.
There are no guarantees in life, but it helps to be a reasonably fast gazelle. If you're too slow, the lions will get you. Window's is definitely the slowest gazelle. Puppy? Too much work for the lions to chase down on a routine basis.
There are no guarantees in life, but it helps to be a reasonably fast gazelle. If you're too slow, the lions will get you. Window's is definitely the slowest gazelle. Puppy? Too much work for the lions to chase down on a routine basis.
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
It was strawberry-flavored cake, with strawberry-flavored frosting. Unfortunately, no actual strawberries. Pretty good anyway though.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
mostly i run from internal SDcard so that would not be so difficult. Content that is produced myself is minimal anyway. Mostly what is stored on my computer is copies of what is on the web so damage or loss is not a irrevocable event. Even then everything is backedup to external Usb plugged HD.dejan555 wrote:Open your PC case and unplug your drives physically.
Err, just a thought...
- linuxsansdisquedur
- Posts: 248
- Joined: Tue 13 Jan 2009, 21:17
- Location: South of France
invincibility with puppy ? .... be light !
- live cd to preserve OS
- no hd ( big fat hard disk to stock for ever before crash in a trash can mode)
OR data always on backup to never lose'em (military way)
OR accept to lose everything not necessary(ascetic way)
- a copy of pupsave on usb not connected in case of infection (or bad soft install?)
- live cd to preserve OS
- no hd ( big fat hard disk to stock for ever before crash in a trash can mode)
OR data always on backup to never lose'em (military way)
OR accept to lose everything not necessary(ascetic way)
- a copy of pupsave on usb not connected in case of infection (or bad soft install?)
le max avec le min