
Big security hole: Should have implementation.

Posted: Wed 12 Mar 2014, 03:22
by securityfreak
One thing with the system is that it really NEEDS to have a User account, THEN root on top of that. This way a person can USE the system, but then also be able to SU to the administration account to further administrate the system.

Because if you are using it on an older system, and want to have users on it, but for them to NOT have full access of it all, then it should not have root access from the get go.


This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all from the outside world if the system is on the internet.

Posted: Wed 12 Mar 2014, 04:49
by p310don
Can everyone who has used puppy for years please detail the hacks they have been victims of please?

Posted: Wed 12 Mar 2014, 05:11
by James C
p310don wrote:Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Zero here.

Posted: Wed 12 Mar 2014, 05:41
by dancytron
No problems here.

OP, if running as root is a problem, you should just use a different distribution.

Posted: Wed 12 Mar 2014, 09:19
by Fossil
p310don wrote:Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Have been using various Puppy incarnations every day, for eight - 8 - years. NEVER any attack or problem.
If you ain't happy with the product - move on!

Posted: Wed 12 Mar 2014, 09:26
by Sylvander
Once...and only once...upon a time...
When visiting some [malicious?] website...

I found windows opening on the desktop...
Displaying the contents of the Puppy CD-RW.

As I closed the windows, new windows would open.
So I used ctrl+alt+backspace to drop to a command prompt and rebooted.

Once back to the desktop, the problem was still there...
So...

I rebooted into a different Puppy CD-RW...
Deleted the pupsave of the problem Puppy...
Restored a good/clean recent backup copy [held on an external USB connected HDD, normally powered off] of a pupsave for the problem Puppy.
Then booted the original Puppy that had displayed the problem.

The problem was GONE! :D

This is the only seeming security problem I've ever detected since beginning to use Puppy in Dec 2008.

These days, my Puppy doesn't save any session changes back to the pupsave on the internal HDD [neither during the session, nor at shutdown/reboot], unless I tell it to.
So I can [and sometimes do] power off improperly.
At next boot, the Puppy automatically scans&fixes the ext3 host partition file system and also the ext3 pupsave partition file system.
So far, doing this has never caused a problem [none of which I'm aware].
Hence, in the event of a problem I can just hold in the power button to power off.

Posted: Wed 12 Mar 2014, 12:45
by RSH
Never had any problem since I'm using Puppy. And I had just once a problem when I was a windows user (should not have opened that unknown email :wink: ).
securityfreak wrote:This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all from the outside world if the system is on the internet.
The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.

Posted: Wed 12 Mar 2014, 12:58
by mikeb
Hmm like Sylvander someone sent me to a site that had some horrible javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...can't remember how I forced it off...ctrl+alt+delete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason I choose not to do but otherwise no harm done apart from my time wasted.

Apart from that we are looking at 8 years of running as root. Yes I managed to delete an entire partition of stuff through a bad script I made while learning (did recover most of it as it happens) so to me not being root guards against user stupidity NOT the internet which is a different matter.

As it happens I added multiuser to my puppies...not a major undertaking and it works as expected.... the lack of it is laziness and convenience since slax, another live distro, DOES provide full multiuser ability.

On a last note I recently did a weird one... created a user and then ssh to myself as that user and then ran firefox through x forwarding as that user...I felt suitably sandboxed :D Of course this also requires additions to standard pups ...just thought I would throw it in.

mike

Posted: Wed 12 Mar 2014, 14:13
by Moose On The Loose
p310don wrote:Can everyone who has used puppy for years please detail the hacks they have been victims of please?
With very little effort on my part, I could misunderstand your request to include those that I have been victim to while using other OSes. That would make the list so long that I would not want to type it all so here is the first and the last few viruses I had trouble with.

First:
Back when my computer used two floppies and had no hard drive, I discovered that somehow a new TSR got onto my MSDOS-3 boot disk and was making a copy of its self on any new floppy. This meant that I could not get the full use of the space on the floppy.

2nd Last:
On a XP machine fresh out of the box, as soon as I connected to the internet but before I downloaded the antivirus software, a massive string of network actions happened and the machine froze up.

Last:
On a Win-7 machine, quite suddenly in the middle of my doing something, it began doing a huge number of network accesses and bogged down and then went into the shutdown all on its own.


I have been using Puppy since 4.10 was the latest version and so far have never had a virus etc get me.

Posted: Wed 12 Mar 2014, 14:27
by dejan555

Posted: Wed 12 Mar 2014, 19:49
by musher0
p310don wrote:Can everyone who has used puppy for years please detail the hacks they have been victims of please?
None whatsoever.

Posted: Wed 12 Mar 2014, 20:39
by catsezmoo
mikeb wrote:javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...can't remember how I forced it off...ctrl+alt+delete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason
NOT being logged in as root wouldn't prevent such a javascripted browser exploit

Posted: Wed 12 Mar 2014, 21:01
by mikeb
catsezmoo wrote:NOT being logged in as root wouldn't prevent such a javascripted browser exploit
never said it would...please don't tell me what I am supposed to have said.

The point was about javascript on the net being the only problem ever experienced...a browser crash is the worst thing that has happened.... the subject of root is irrelevant in this case.

mike

Posted: Wed 12 Mar 2014, 21:06
by ally
over 3 years solid puppy

no issues

:)

Posted: Thu 13 Mar 2014, 00:36
by starhawk
RSH wrote:The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.
This.

The one time I've ever gotten a virus (it was on Windows!) I felt pretty stupid in the aftermath, because I was dumb enough to click on one of those "you just got a free e-card" links in my email.

To be fair, my mother was away at the time and I was lonely -- something must've clouded my thoughts enough to make me think that it could possibly be from her... :oops: well, that idea went away real quick! Fortunately, I had antivirus software that cleaned things up quite nicely...

There's quite a bit to be said for safe browsing/emailing habits!

That said, I've been using Puppy "recreationally" since shortly after joining this forum... and I've been using it steady as my main OS for a month or two now. No problems of any kind (other than some bugs in my specific Puppy version of choice, that I was able to work around) that I couldn't attribute to my own occasional stupidity ;)

Posted: Thu 13 Mar 2014, 15:19
by RSH
starhawk wrote:to click on one of those "you just got a free e-card" links in my email.
Yes, that's really funny.

So it happened to me at the end of the year 2000 or beginning of 2001.

Everyone did send e-cards then.

I was totally inexperienced and did a search for an anti-virus program especially for this virus, that has overcome my computer's data.

Found one.

Did erase almost everything from HD what was existing! :lol:

Posted: Fri 14 Mar 2014, 07:56
by greengeek
p310don wrote:Can everyone who has used puppy for years please detail the hacks they have been victims of please?
1) My wife keeps using my Puppy PC when her Win7 PC is non-functional with virus problems

2) My daughter keeps using my Puppy PC while her XP PC is unusable during system updates

3) My son keeps using my Puppy PC while he is doing a system restore on his Win7 netbook.

Why do these hacks keep using my machine?? I'm seriously thinking of ditching my Puppy PC so I can get some work done.

Posted: Fri 14 Mar 2014, 09:20
by saintless
Maybe the right question is why puppy lost multiuser option if it can have it almost without adding extra size? It still can use autologin as root.

I know the usual answer - Do not use Puppy if you need user account!
I also hate to type sudo and like to use root account.

But the question is still there:
Why puppy lost multiuser support if it adds almost nothing to the size and it will bring new users attention to puppy linux?
What will Puppy lose if it has multiuser support? Nothing.
What is lost since it doesn't? More Puppy linux users.

Toni

Posted: Fri 14 Mar 2014, 09:49
by mikeb
saintless wrote:Why puppy lost multiuser support if it adds almost nothing to the size and it will bring new users attention to puppy linux?
question for barry really.

Multiuser changes add nothing in itself.. just script changes...busybox init can handle it. Many puppy scripts are coded for root rather than ~ so that's a bit of a sticky point... better desktop managers like XFCE4 are easier to deal with.

For the full job there needs to be a nice login manager, (slim I used), better login apps rather than tinylogin, and a skel folder for user profile creation. That adds up to ~ 500k uncompressed.

that's it really

mike

Posted: Fri 14 Mar 2014, 10:04
by dejan555
All of those are true saintless, well puppy actually didn't lose multiuser support, technically speaking you can still add/remove users but you can't run Xorg and gui apps.
The reason for this are choices Barry made when creating puppy scripts and way of working.
Permissions for various devices and places are not set so another user can access them and a lot of puppy scripts use hardcoded /root directory for configuration instead of $HOME.
There were several puplets that made workarounds for these limitations (grafpup on 1.x series, pizzasgood's 4.21 multiuser, I even have it kinda working on dpup486 now, you can test if you like)
But these fixes are individual per puplet and would need to be implemented in puppy skeleton/woof.

Later Barry was experimenting with fido/spot but he used wrong approach by assigning them to same home directory as root.
(It's not only about restricted user security it's also about having separate configs and separate home directories)
I don't know how much additional mess that added to scripts but it could be fixed.

I'm actually thinking of joining that woof-CE project and start implementing some small fixes to scripts for multiuser. It wouldn't be hard to do if other developers accept the idea.

Even I'm sometimes joking about not using puppy for other than root I also think that it's a shame not to have this ability.
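
An added example, not part of the original thread or of Puppy's own scripts: a shell helper that lists non-comment script lines hardcoding /root instead of $HOME, the pattern dejan555's post describes. The function names, the regex and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: find script lines that hardcode /root instead of $HOME.

# Matches /root used as a path of its own (/root, /root/.config, "/root"),
# but not /rootfs, /mnt/root or similar longer names.
ROOT_RE='(^|[^[:alnum:]_/.~-])/root(/|[^[:alnum:]_.-]|$)'

# Print file:line:text for every non-comment line under DIR ($1)
# that hardcodes /root.
find_hardcoded_root() {
    grep -rnE -- "$ROOT_RE" "$1" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Number of offending lines under DIR ($1).
count_hardcoded_root() {
    find_hardcoded_root "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree (not real Puppy scripts) and print its path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hardcoded.sh" <<'EOF'
#!/bin/sh
# config lives in /root/.config (comment, ignored)
CONF=/root/.config/app.conf
cp /etc/skel/.bashrc "/root"
mount /dev/sda1 /mnt/root
EOF
    cat > "$dir/portable.sh" <<'EOF'
#!/bin/sh
CONF="$HOME/.config/app.conf"
ls /rootfs
EOF
    echo "$dir"
}

# Run the scan over the sample tree and clean up.
demo() {
    tree=$(make_sample_tree) || return 1
    find_hardcoded_root "$tree"
    rm -rf "$tree"
}

demo
```

Each reported line is a place where a non-root account would read or write root's home directory (or fail on permissions) rather than its own.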