Puppy Linux Discussion Forum
All times are UTC - 4
"Mount Blocker" for online safety?[solved]
greengeek

Joined: 20 Jul 2010
Posts: 2746
Location: New Zealand

Posted: Mon 05 May 2014, 21:13    Post subject: "Mount Blocker" for online safety?[solved]

Does anyone know if it is possible to make some sort of "Mount Blocker" that would prevent any attempt to mount storage devices?

I'm thinking of a situation where I would be using a live CD for banking purposes - with no intention of creating a savefile - and I wanted to prevent any hacker from mounting hard disks and usb sticks that might be plugged into my system.

So I would load the CD using pfix=ram and somehow have the puppy code modified so that the storage devices would be totally locked out.

Could it be as simple as remastering a puppy so that it had certain items removed permanently from the /dev directory?

Last edited by greengeek on Thu 29 May 2014, 06:18; edited 1 time in total

mikeb

Joined: 23 Nov 2006
Posts: 9030

Posted: Tue 06 May 2014, 07:22

hmm there was a huge thread on this subject a while ago.

When you say 'hacker' are you talking about a user in say a cyber cafe or via the internet as the latter is not really a linux issue?

If someone wanted to mount and is computer savvy I think this is unfeasible.

For less teccy users then you could remove the drive icons/pmount and perhaps say write the mount script to not work in X.
Some fiddling with udev might do the trick too.

mike

Flash
Official Dog Handler

Joined: 04 May 2005
Posts: 11180
Location: Arizona USA

Posted: Tue 06 May 2014, 10:32

If the mount command is removed, is there any other way to access the contents of a drive? Can't dd do it without the mount command? Maybe the only way to guarantee it can't be done is to disconnect anything you don't want read.

mikeb

Joined: 23 Nov 2006
Posts: 9030

Posted: Tue 06 May 2014, 12:04

Hmm well geek proof becomes pretty impossible... there is busybox mount for example and busybox is used extensively.

If you are dealing with users that find the mount command meaningless then life is easier.

mike

greengeek

Joined: 20 Jul 2010
Posts: 2746
Location: New Zealand

Posted: Tue 06 May 2014, 16:00

What generated this question was a request from a Windows user friend of mine who no longer feels secure doing his banking through XP so he wanted to use puppy. He plans to use XP only for his Photoshop stuff and other specific programmes that are unlikely to work on Puppy.

The banking side of things works fine of course, but I started to worry that he could accidentally delete critical files from the XP hard drive - hence the desire to prevent mounting of the storage drives and just use puppy as a live CD - more or less just a browser interface really.

I could remove desktop icons but then I thought maybe there is a better way to do it - which would also prevent a more experienced hacker or Trojan from mounting the drives at all. (Who knows when a Linux trojan might start doing the rounds...).

I will see if I can find that other thread.

Flash
Official Dog Handler

Joined: 04 May 2005
Posts: 11180
Location: Arizona USA

Posted: Tue 06 May 2014, 16:02

I guess the real question is, how many ways are there for malware to go about accessing a storage device?

mikeb

Joined: 23 Nov 2006
Posts: 9030

Posted: Tue 06 May 2014, 17:19

Just tell him to stop using IE and outlook express...

mike

actually if he wants tinfoil why not set up vbox for him.... it's what most paranoid windows users do...

bark_bark_bark

Joined: 05 Jun 2012
Posts: 934
Location: USA

Posted: Tue 06 May 2014, 17:46

mikeb wrote:
Just tell him to stop using IE and outlook express...

mike

actually if he wants tinfoil why not set up vbox for him.... it's what most paranoid windows users do...


If he has a P4, vbox will not work as well as on a newer computer because the P4 doesn't have hardware virtualisation support. vmware player/workstation won't run at all on a P4.

Your best option is to burn puppy to a disc then open the case and disconnect the drives (except for the cd drive) and run it that way. boot from the CD. Do your banking stuff. When it asks if you want to save the session to a savefile, just press no. Reconnect the drives and boot XP.

Don't forget to remove the disc before shutting down.


mikeb

Joined: 23 Nov 2006
Posts: 9030

Posted: Tue 06 May 2014, 18:35

qemu then with kqemu ...works ok on a pentium 3.....

disconnect the hard drives eh...

mike

rufwoof

Joined: 24 Feb 2014
Posts: 391

Posted: Tue 06 May 2014, 18:40

Quote:
I'm thinking of a situation where I would be using a live CD for banking purposes - with no intention of creating a savefile - and I wanted to prevent any hacker from mounting hard disks and usb sticks that might be plugged into my system

If the puppy LiveCD is a pristine new image of the op-sys/gui, and you power off the PC before booting the LiveCD (clear memory) using puppy pfix=ram pmedia=cd, and use a pristine/new version of a browser to go nowhere else other than to the bank's web site, and you've a router firewall and puppy firewall both running, and you power off/reboot afterwards (not saving) - then any hacker has EXTREMELY limited means to potentially 'break-in'.

slavvo67

Joined: 12 Oct 2012
Posts: 488
Location: The other Mr. 305

Posted: Tue 06 May 2014, 18:49

It sounds to me that all you're really looking to do is have the drives mount as read only. Wouldn't that prevent your friend from writing or downloading something bad to a drive?

Couldn't a read-only mount script get loaded at startup? I have a script that mounts all drives as read-only but I manually execute it. Probably something that unmounts all drives and remounts all as read-only ...

Oh, and better make sure the puppy he's using has an updated openssl version to protect from the Heartbleed.

To check, go to terminal and type: openssl version

I believe 1.0.1 and 1.0.1f are the ones with issues.
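
A block-layer variant of the read-only idea above, as an added example that is not any poster's script: `blockdev --setro` marks each disk and partition read-only in the kernel, so writes are refused whether a filesystem is mounted or the device node is written to directly. It assumes a `blockdev` binary (util-linux or BusyBox) is present; the `/proc/partitions` sample is constructed, and since Puppy runs as root the flag guards against accidents rather than a root-level process, which can clear it with `--setrw`.

```shell
#!/bin/sh
# Added example: mark internal and USB disks read-only at the block layer.
# Sample /proc/partitions content, constructed for illustration.
SAMPLE_PARTITIONS='major minor  #blocks  name

   1        0      16384 ram0
   7        0     131072 loop0
  11        0     714752 sr0
   8        0  156290904 sda
   8        1  156288000 sda1
   8       16    7831552 sdb
   8       17    7830528 sdb1'

# Print the device names worth locking: everything except RAM disks,
# loop devices (Puppy's SFS layers), floppies and optical drives (the boot CD).
list_lockable() {
    # $1 = text in /proc/partitions format (two header lines, name in column 4)
    printf '%s\n' "$1" | awk 'NR > 2 && $4 != "" { print $4 }' |
        grep -Ev '^(ram|zram|loop|sr|fd)[0-9]+$'
}

# Set the kernel read-only flag on every lockable device and verify it.
# Returns non-zero if any device could not be locked.
lock_devices() {
    rc=0
    for name in $(list_lockable "$(cat /proc/partitions)"); do
        blockdev --setro "/dev/$name" || rc=1
        # --getro prints 1 when the read-only flag is set
        [ "$(blockdev --getro "/dev/$name" 2>/dev/null)" = "1" ] || rc=1
    done
    return $rc
}

# Only touch real devices when asked to; otherwise list what the sample yields.
if [ "${1:-}" = "--apply" ]; then
    lock_devices
else
    list_lockable "$SAMPLE_PARTITIONS"
fi
```

Run it with `--apply` from a startup script, before any desktop session starts, to set the flag on the machine's real devices.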

greengeek

Joined: 20 Jul 2010
Posts: 2746
Location: New Zealand

Posted: Fri 09 May 2014, 16:43

slavvo67 wrote:
It sounds to me that all you're really looking to do is have the drives mount as read only. Wouldn't that prevent your friend from writing or downloading something bad to a drive? Couldn't a read-only mount script get loaded at startup? I have a script that mounts all drives as read-only but I manually execute it. Probably something that unmounts all drives and remounts all as read-only

Thanks - yes, that is a good possibility, although I would really like to ensure all gui icons are removed so no mounting takes place at all. I'm almost there but not quite...

I've decided it is beyond the scope of my expertise to totally lock out 'mounting by hacker' so I will settle for making it hard (or preferably impossible) for a novice user to accidentally mount their Windows or any other partition while using this live pup for banking etc.

I can't expect to remove all dangers posed by access to the cli, but I have renamed pmount to pmounter (so it can't be activated from currently configured gui icons etc) and I want to remove any other gui based access point I can find that such a user might click on and jeopardise their pre-existing data.

I have got rid of the desktop icons for drives/partitions by modifying the following settings in the /etc/eventmanager file:

HOTPLUGON=false
ICONDESK=false
ICONPARTITIONS=false
HOTPLUGNOISY=false
FD0ICON=false

I also changed this setting to true:
AUTOUNMOUNT=true

This is ok so far, but it seems that when the desktop icons are removed, Puppy reverts to a behaviour that apparently existed "pre Puppy 4" where it places an icon labelled "Drives" on the desktop as a replacement for the individual drive icons. Clicking this "Drives" icon starts pmount. Obviously with pmount disabled clicking this icon does nothing (which is good) but I want to go one step further by removing the icon.

The icon is defined in the file /root/Choices/Rox_Filer/PuppyPin as follows:
Code:
 <icon x="160" y="32" label="drives" args="any 0">/root/.pup_event/drive_drives</icon>


Does anyone know where I can find the actual code that writes the 'drives' icon definition into this PuppyPin file?

I have found some code that refers to it in /sbin/clean_desk_icons but I don't think that does the writing of the icon definition. Lines 30-36 are as follows:
Code:
#remove all invalid drive icons off desktop...
echo -n "" > /tmp/pup_event_ok_pin
if [ "$ICONDESK" = "false" ];then
 #leave single 'drives' icon on desktop...
 grep '/root/.pup_event/drive_drives' /root/Choices/ROX-Filer/PuppyPin >> /tmp/pup_event_ok_pin
 rm -rf /root/.pup_event/drive_[^d]* 2>/dev/null #delete all except drive_drives.
else


English words I can read, but asterisks and carets slow me down a lot :)

RSH

Joined: 05 Sep 2011
Posts: 2420
Location: Germany

Posted: Fri 09 May 2014, 19:17

All I do know is that the drive icons are created by /sbin/pup_event_frontend_d.

This is sometimes a full script (like in Lucid) and sometimes a short script just to execute /usr/local/pup_event/pup_event_frontend_d, which then is (as far as I know) a binary, that calls/uses /usr/local/pup_event/frontend_funcs - this contains the code then.

In this case the script /usr/local/pup_event/frontend_startup seems to have the needed code section:
Code:
if [ "$ICONDESK" = "false" ];then
 #only show a single 'drives' icon on desktop...
 DRV_NAME='drives'
 DRV_CATEGORY='any' #see pmount.
 DRV_DESCRIPTION="all drives"
 create_icon_func #needs DRV_NAME, DRV_CATEGORY, DRV_DESCRIPTION.
else
 #show all drives on desktop... w476 add ext4... 130216 add f2fs...
 PROBEPART="`probepart -k | grep -E '\|f2fs\||\|ext4\||\|ntfs\||\|msdos\||\|vfat\||\|ext2\||\|ext3\||\|iso9660\||\|udf\||\|audiocd\||\|xfs\||\|reiser'`"
 if [ "$FD0ICON" = "true" ];then #see /etc/eventmanager
  if [ -e /sys/block/fd0 ];then
   PROBEDISK="/dev/fd0|floppy|Legacy floppy drive
$PROBEDISK"
   PROBEPART="/dev/fd0|vfat|1440
$PROBEPART"
  fi
 fi
 for ONEDRV in `echo "$PROBEDISK" | cut -f 1,2,3 -d '|' | tr ' ' '_' | tr '\n' ' '`
 do
  DRV_NAME="`echo -n "$ONEDRV" | cut -f 1 -d '|' | cut -f 3 -d '/'`"
  DRV_CATEGORY="`echo -n "$ONEDRV" | cut -f 2 -d '|'`"
  DRV_DESCRIPTION="`echo -n "$ONEDRV" | cut -f 3 -d '|' | tr '_' ' '`"
  [ "`echo "$PROBEPART" | grep "$DRV_NAME"`" = "" ] && continue #precaution (such as CD not inserted).
  create_icon_func startup #needs DRV_NAME, DRV_CATEGORY, DRV_DESCRIPTION, PROBEPART.
 done
fi


Function create_icon_func seems to do the job and this function exists in /usr/local/pup_event/frontend_funcs.

Hope that will help somehow...

_________________
LazY Puppy
RSH's DNA
SARA B.

RSH

Joined: 05 Sep 2011
Posts: 2420
Location: Germany

Posted: Fri 09 May 2014, 20:00

Ok.

Made a quick mod and test.

Commented out these lines (from section shown in post above):
Code:
DRV_NAME='drives'
DRV_CATEGORY='any' #see pmount.
DRV_DESCRIPTION="all drives"
create_icon_func #needs DRV_NAME, DRV_CATEGORY, DRV_DESCRIPTION.


Added to these lines the following command (just to have a command before else):
Code:
echo "disabled drive icons"


So it looks like this:
Code:
#DRV_NAME='drives'
#DRV_CATEGORY='any' #see pmount.
#DRV_DESCRIPTION="all drives"
#create_icon_func #needs DRV_NAME, DRV_CATEGORY, DRV_DESCRIPTION.
echo "disabled drive icons"


Made the needed settings to the event manager and restarted X.

No drive icons at all!


_________________
LazY Puppy
RSH's DNA
SARA B.
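
A check for the lockdown steps worked out in the posts above (the `/etc/eventmanager` values, the renamed `pmount`, and the absent `drives` icon), as an added example that is not code from the thread or from Puppy. The function names, the list of directories searched for `pmount`, and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a remaster tree for the GUI lockdown from this thread.
# Expected /etc/eventmanager values, as listed in greengeek's post.
WANTED='HOTPLUGON=false ICONDESK=false ICONPARTITIONS=false
HOTPLUGNOISY=false FD0ICON=false AUTOUNMOUNT=true'

# audit_lockdown ROOT: print one line per finding, return 1 if there are any.
audit_lockdown() {
    root=$1; bad=0
    for kv in $WANTED; do
        key=${kv%%=*}; want=${kv#*=}
        # The last assignment wins when the file is sourced; strip quotes.
        got=$(sed -n "s/^$key=//p" "$root/etc/eventmanager" 2>/dev/null |
              tail -n 1 | tr -d "\"'")
        if [ "$got" != "$want" ]; then
            echo "eventmanager: $key=${got:-unset}, expected $want"; bad=1
        fi
    done
    # pmount must not exist under its original name (directory list is assumed).
    for dir in usr/sbin usr/bin usr/local/bin sbin bin; do
        if [ -e "$root/$dir/pmount" ]; then
            echo "pmount still present in /$dir"; bad=1
        fi
    done
    # No drive icon may remain pinned on the ROX desktop.
    if grep -q '/root/\.pup_event/drive_' \
            "$root/root/Choices/ROX-Filer/PuppyPin" 2>/dev/null; then
        echo "PuppyPin still pins a drive icon"; bad=1
    fi
    return $bad
}

# Build a small constructed tree (not a real Puppy image) with two faults:
# AUTOUNMOUNT left at false and the 'drives' icon still pinned.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/usr/sbin" "$t/root/Choices/ROX-Filer"
    printf '%s\n' HOTPLUGON=false ICONDESK=false ICONPARTITIONS=false \
        HOTPLUGNOISY=false FD0ICON=false 'AUTOUNMOUNT="false"' > "$t/etc/eventmanager"
    : > "$t/usr/sbin/pmounter"
    echo '<icon x="160" y="32" label="drives" args="any 0">/root/.pup_event/drive_drives</icon>' \
        > "$t/root/Choices/ROX-Filer/PuppyPin"
    echo "$t"
}

tree=$(make_sample_tree)
audit_lockdown "${1:-$tree}" || echo "lockdown incomplete"
rm -rf "$tree"
```

Pass the root of an unpacked remaster tree (or `/` on a running system) as the first argument to audit it instead of the sample.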

greengeek

Joined: 20 Jul 2010
Posts: 2746
Location: New Zealand

Posted: Sat 10 May 2014, 01:52

Many thanks RSH - that seems to work perfectly!
cheers.