Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 30 Sep 2014, 12:23
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Big security hole: Should have implimentation.
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 3 [34 Posts]   Goto page: 1, 2, 3 Next
Author Message
securityfreak

Joined: 11 Mar 2014
Posts: 2

PostPosted: Tue 11 Mar 2014, 23:22    Post subject:  Big security hole: Should have implimentation.
Subject description: ROOT FUNCTIONALITY
 

One thing with the system is that it really NEEDS to have a User account, THEN root on top of that. This way a person can USE the system, but then also be able to SU to the administration account to further administrate the system.

Because if you are using it on an older system, and want to have users on it, but for them to NOT have full access of it all, then it should not have root access from the get go.


This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all fro the outside world if the system is on the internet.
Back to top
View user's profile Send private message 
p310don

Joined: 19 May 2009
Posts: 706
Location: Brisbane, Australia

PostPosted: Wed 12 Mar 2014, 00:49    Post subject:  

Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Back to top
View user's profile Send private message 
James C


Joined: 26 Mar 2009
Posts: 5794
Location: Kentucky

PostPosted: Wed 12 Mar 2014, 01:11    Post subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


Zero here.
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 279

PostPosted: Wed 12 Mar 2014, 01:41    Post subject:  

No problems here.

OP, if running as root is a problem, you should just use a different distribution.
Back to top
View user's profile Send private message 
Fossil

Joined: 13 Dec 2005
Posts: 610
Location: Gloucestershire, UK.

PostPosted: Wed 12 Mar 2014, 05:19    Post subject:  

Quote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Have been using various Puppy incarnations every day, for eight - 8 - years. NEVER any attack or problem.
If you ain't happy with the product - move on!
Back to top
View user's profile Send private message 
Sylvander

Joined: 15 Dec 2008
Posts: 3447
Location: West Lothian, Scotland, UK

PostPosted: Wed 12 Mar 2014, 05:26    Post subject:  

Once...and only once...upon a time...
When visiting some [malicious?] website...

I found windows opening on the desktop...
Displaying the contents of the Puppy CD-RW.

As I closed the windows, new windows would open.
So I used ctrl+alt+backspace to drop to a command prompt and rebooted.

Once back to the desktop, the problem was still there...
So...

I rebooted into a different Puppy CD-RW...
Deleted the pupsave of the problem Puppy...
Restored a good/clean recent backup copy [held on an external USB connected HDD, normally powered off] of a pupsave for the problem Puppy.
Then booted the original Puppy that had displayed the problem.

The problem was GONE! Very Happy

This is the only seeming security problem I've ever detected since beginning to use Puppy in Dec 2008.

These days, my Puppy doesn't save any session changes back to the pupsave on the internal HDD [neither during the session, nor at shutdown/reboot], unless I tell it to.
So I can [and sometimes do] power off improperly.
At next boot, the Puppy automatically scans&fixes the ext3 host partition file system and also the ext3 pupsave partition file system.
So far, doing this has never caused a problem [none of which I'm aware].
Hence, in the event of a problem I can just hold in the power button to power off.
Back to top
View user's profile Send private message 
RSH


Joined: 05 Sep 2011
Posts: 2420
Location: Germany

PostPosted: Wed 12 Mar 2014, 08:45    Post subject:  

Never had any problem since I'm using Puppy. And I had just once a problem when I was a windows user (should not have opened that unknown email Wink ).

Quote:
This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all fro the outside world if the system is on the internet.

The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.

_________________
LazY Puppy
RSH's DNA
SARA B.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8257

PostPosted: Wed 12 Mar 2014, 08:58    Post subject:  

Hmm like sylvander someone sent me to a site that had some horrible javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...cant remember how I forced it off...crtlaltdelete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason I choose not to do but otherwise no harm done apart from my time wasted.

Apart from that we are looking at 8 years of running as root. Yes I managed to delete an entire partition of stuff though a bad script I made while learning (did recover most of it as it happens) so to me not being root guards against user stupidity NOT the internet which is a different matter.

As it happens I added multiuser to my puppies...not a major undertaking and it works as expected.... the lack of it is laziness and convenience since slax, another live distro, DOES provide full multiuser ability.

On a last note I recently did a weird one... created a user and then ssh to myself as that user and then ran firefox through x forwarding as that user...I felt suitably sandboxed Very Happy Of course this also requires additions to standard pups ...just though I would throw it in.

mike
Back to top
View user's profile Send private message 
Moose On The Loose


Joined: 24 Feb 2011
Posts: 525

PostPosted: Wed 12 Mar 2014, 10:13    Post subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


With very little effort on my part, I could misunderstand your request to include those that I have been victim to while using other OSes. That would make the list so long that I would not want to type it all so here is the first and the last few viruses I had trouble with.

First:
Back when my computer used two floppies and had no hard drive, I discovered that somehow a new TSR got onto my MSDOS-3 boot disk and was making a copy of its self on any new floppy. This meant that I could not get the full use of the space on the floppy.

2nd Last:
On a XP machine fresh out of the box, as soon as I connected to the internet but before I downloaded the antivirus software, a massive string of network actions happened and the machine froze up.

Last:
On a Win-7 machine, quite suddenly in the middle of my doing something, it began doing a huge number of network accesses and bogged down and then went into the shutdown all on its own.


I have been using Puppy since 4.10 was the latest version and so far have never had a virus etc get me.
Back to top
View user's profile Send private message 
dejan555


Joined: 30 Nov 2008
Posts: 2664
Location: Montenegro

PostPosted: Wed 12 Mar 2014, 10:27    Post subject:  

http://www.murga-linux.com/puppy/viewtopic.php?t=49025
_________________


Back to top
View user's profile Send private message Visit poster's website MSN Messenger 
musher0


Joined: 04 Jan 2009
Posts: 4244
Location: Gatineau (Qc), Canada

PostPosted: Wed 12 Mar 2014, 15:49    Post subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


None whatsoever.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
catsezmoo

Joined: 09 Feb 2014
Posts: 16

PostPosted: Wed 12 Mar 2014, 16:39    Post subject:  

Quote:
javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...cant remember how I forced it off...crtlaltdelete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason
NOT being logged in as root wouldn't prevent such a javascripted browser exploit
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8257

PostPosted: Wed 12 Mar 2014, 17:01    Post subject:  

Quote:
NOT being logged in as root wouldn't prevent such a javascripted browser exploit

never said it would...please don't tell me what I have supposed to have said.

The point was about javascript on the net being the only problem ever experienced...a browser crash is the worst thing that has happened.... the subject of root is irrelevant in this case.

mike
Back to top
View user's profile Send private message 
ally


Joined: 19 May 2012
Posts: 848
Location: lincoln

PostPosted: Wed 12 Mar 2014, 17:06    Post subject:  

over 3 years solid puppy

no issues

Smile
Back to top
View user's profile Send private message Visit poster's website 
starhawk

Joined: 22 Nov 2010
Posts: 2878
Location: Everybody knows this is nowhere...

PostPosted: Wed 12 Mar 2014, 20:36    Post subject:  

RSH wrote:
The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.


This.

The one time I've ever gotten a virus (it was on Windows!) I felt pretty stupid in the aftermath, because I was dumb enough to click on one of those "you just got a free e-card" links in my email.

To be fair, my mother was away at the time and I was lonely -- something must've clouded my thoughts enough to make me think that it could possibly be from her... Embarassed well, that idea went away real quick! Fortunately, I had antivirus software that cleaned things up quite nicely...

There's quite a bit to be said for safe browsing/emailing habits!

That said, I've been using Puppy "recreationally" since shortly after joining this forum... and I've been using it steady as my main OS for a month or two now. No problems of any kind (other than some bugs in my specific Puppy version of choice, that I was able to work around) that I couldn't attribute to my own occasional stupidity Wink

_________________
Loving X-Slacko 2.1!
Custom Build: HP MOCA-AR + Core2Duo T7200 + 4gb RAM + 256gb SSD
...just needs a pretty case Wink
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 3 [34 Posts]   Goto page: 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0966s ][ Queries: 12 (0.0080s) ][ GZIP on ]