Run puppy as spot

For discussions about security.
Message
Author
User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#31 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#32 Post by noryb009 »

Lobster wrote:Fido will save you
http://bkhome.org/blog/?viewDetailed=02240
:D

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#33 Post by Bernie_by_the_Sea »

Okay, to avoid letting Fido in the house we could try cleaning up spot.

Barry wants the "browser working perfectly in every respect. That would include GTK themes, SSL, font rendering, etc. Plus, a mechanism for downloading files outside of /root/spot is needed." He also wants "drag-and-drop browser to the desktop and other rox windows."

My spot browser system (that is a total of 26 bytes) works with drag-and-drop. I just copied it from /root/ to /usr/share and I can drag it to the desktop. My SeaMonkey fonts in spot look fine. How is font rendering tested? Mine is not using my GTK theme -- I'll look at that. SSL? How is this tested? SSL for what? Internet banking? Web hosting? Privacy? Security? Downloads outside of /root/spot? It looks like that might cancel browser-in-spot security.
^
Last edited by Bernie_by_the_Sea on Sat 30 Apr 2011, 15:51, edited 1 time in total.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#34 Post by jpeps »

Bernie_by_the_Sea wrote:Okay, to avoid letting Fido in the house we could try cleaning up spot.

Barry wants the "browser working perfectly in every respect. That would include GTK themes, SSL, font rendering, etc. Plus, a mechanism for downloading files outside of /root/spot is needed." He also wants "drag-and-drop browser to the desktop and other rox windows."

My spot browser system (that is a total of 26 bytes) works with drag-and-drag. I just copied it from /root/ to /usr/share and I can drag it to the desktop. My SeaMonkey fonts in spot look fine. How is font rendering tested? Mine is not using my GTK theme -- I'll look at that. SSL? How is this tested? SSL for what? Internet banking? Web hosting? Privacy? Security? Downloads outside of /root/spot? It looks like that might cancel browser-in-spot security.
I think gmail uses SSL; it will probably work in Spot. Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#35 Post by rcrsn51 »

jpeps wrote:Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.
You shouldn't need write permission to use a font. Spot should still have read permission on places like /usr/share/fonts.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#36 Post by jpeps »

rcrsn51 wrote:
jpeps wrote:Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.
You shouldn't need write permission to use a font. Spot should still have read permission on places like /usr/share/fonts.
You're right, they're available. They didn't initially show up because my setting are in /root

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

run puppy as spot

#37 Post by L18L »

Browsing as root and spot will confuse everybody
Downloads
The only change in our behaviour is that installing directly from browser will not work for spot. It is just 1 click more if Downloads is opened in rox.
But the entire discussion is for safety of especially new users (and reviewers' opinions about puppy)
So
- browsing as root should become not possible anymore.
- /root/Downloads will be owned by spot
- changes in browser configuration: no open as petget
- offering only directories writeable by spot

HTTPS
no problem, I have already inspected my banking account as user spot

Drag and Drop no problem to drag text from browser to root's console or geany

So I am very confidont :)

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#38 Post by rcrsn51 »

In Quirky 1.3 and Wary 5.11, sound doesn't work in Spot. You can fix it by increasing permissions

Code: Select all

chmod -R o+rw /dev
L18L wrote:browsing as root should become not possible anymore.
So what happens to a user with a frugal install inside a Windows partition whose savefile isn't big enough to hold a download?

Bruce B

#39 Post by Bruce B »

rcrsn51 wrote:So what happens to a user with a frugal install inside a Windows partition whose savefile isn't big enough to hold a download?
Does Windows understand Linux permissions?

On a Linux partition, I made a download directory, outside pupsave, with spot as
the owner. Spot can read and write to this directory.

Then of course that directory is spot's default download directory. To keep
things more orderly, spot can make subdirectories within it, before committing the download.

~

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#40 Post by rcrsn51 »

Does Windows understand Linux permissions?
That's the point. Forcing users to browse as Spot means that they can only download into a Linux partition.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#41 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#42 Post by James C »

Lobster wrote:Fido available as a pet :)
http://bkhome.org/blog/?viewDetailed=02241
Believe I'll stick with running as Root.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#43 Post by nooby »

http://bkhome.org/blog/?viewDetailed=02240

That is the link to Fido on Barry's blog on my computer :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

run puppy as spot

#44 Post by L18L »

rcrsn51 wrote:...
L18L wrote:browsing as root should become not possible anymore.
So what happens to a user with a frugal install inside a Windows partition whose savefile isn't big enough to hold a download?
I admit, I had not been thinking about windows when making that statement. It has been influenced by Bruce's comment
Now there is no root .mozilla. I changed things so if I accidentally try and start Firefox as root, it won't run. Basically, modifying start scripts to verify the user is spot.
I don't have a windows partition and can now only speculate about what would happen in that situation:
if the savefile is not big enough the system will request to increase the savefile. The savefile itself is .sfs, permissions in windows(none= all =777). Inside the savefile there are permissions set linux files.

Of course this needs to be confirmed by real tests, volunteers to the rescue please.

Until that I stay confidont.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#45 Post by nooby »

As you all know I am not the sharpest knife in our collective drawer :)

So take this as a friendly teaser.

Would it be easier to do without a pupsave file? English user don't need it for changing the keyboard map to no or dk or de or fr or es or whatever.

Each time I try a non puppy linux distro I end uo going to Terminal and writing setxkbmap se to know where to find / or [ or something else needed.

What else does one need a pupsavefile for. Time. We all live in different time zones. Could that be handled in some other way?

Sure one want to retain the Firefox bookmarks and kind people tell me to use a free online sync but that makes me to rely on them getting enough ads that pay for it or they go pay or go broke.
so I have tried to solve this by exporting bookmarks as a html and then one click on these and add them as bookmarks maually each time at boot when one need them. Cumbersome but one need no pupsavefile.

What else is it needed for. oh yes all the other changes that people love. Switch the background image and change style and icons and how the menu list things and so on. Screen savers and what not.

So could one just load such as an sfs file instead using SFS-Exec that Seaside has a thread about? I don't know just trying to think :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

DangerDog!

#46 Post by Bernie_by_the_Sea »

nooby wrote:http://bkhome.org/blog/?viewDetailed=02240

That is the link to Fido on Barry's blog on my computer :)
But that's not where you get the download that's in Lobster's link:
http://distro.ibiblio.org/quirky/pet_pa ... 2-1-w5.pet

I’m working on DangerDog! creating the most dangerous Linux distro possible -- always root, no firewall allowed, javascript and flash always enabled, unlimited write and exec permissions given to the world, no encryption passwords, browser user agent announcing DangerDog! and inviting well-wishers to send fleas, advertisements, popups, bombs and dangerous toys.

However there’s a trick to DangerDog! that makes it the safest Linux distro possible. Guess what that trick is. I can’t tell you because that might discourage well-wishers from sending all those goodies. Puppies need bones to bury.

Getting back on topic maybe a warning sign when Puppy boots up might satisfy some critics and chase off some of the paranoids Puppy seems to attract.
Attachments
puppy_as_root.jpg
(42.3 KiB) Downloaded 1509 times
puppy_as_root2.jpg
(39.62 KiB) Downloaded 1531 times

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#47 Post by nooby »

I should use the second picture there as a background pic and send to my Ubuntu luvr old work mate :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#48 Post by L18L »

Lobster wrote:Fido available as a pet :)
http://bkhome.org/blog/?viewDetailed=02241
The reports of my birth are greatly exaggerated
fido :wink:

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Re: DangerDog!

#49 Post by L18L »

Bernie_by_the_Sea wrote:..Guess what that trick is. I can’t tell you because that might discourage well-wishers from sending all those goodies. Puppies need bones to bury..
And I won't tell...
Bernie, please make sure that root won't be able to install any additional software and forget everything read in Linux for Dummies...
Anyhow in case of additional software the culprit won't be puppy but root himself.

DangerDog lets me think about bones serving as honeypot for puppies. :roll:

(forum software buggy? Cannot make correct URL )

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#50 Post by nooby »

http://en.wikipedia.org/wiki/Honeypot_%28computing%29

Test of manual entry of url one need % 2 8 and % 2 9 maybe

Sorry me feel dense but Honeypot Puppy then would be kind of totally open to the outside world and presenting a kind of Sandbox that made the impression that they have looked around and left a keylogger and back door and whatever behind while in actual life they only had access to a fake version and containted within some safe loopmounted file system that flash a warning to the real puppy that yet another break in had happend and don't save it to the pupsave this time either. Click here and all get aborted instantly something. ooh my headache comes back :)
I use Google Search on Puppy Forum
not an ideal solution though

Post Reply