tronkel

Joined: 30 Sep 2005 Posts: 1059 Location: Vienna Austria
|
Posted: Tue 20 Oct 2009, 10:04 Post subject:
Security - running as root |
|
The Australian police are advising people who use their computer for on-line banking to use a live CD and mention amongst other distros, Puppy Linux. This has been widely reported recently.
Thing is, Puppy always runs as root and therefore could still be vulnerable to hidden downloaded executables that could read and subsequently re-transmit any sensitive data such as passwords that are resident in RAM during the on-line session.
In order to close down this possibility, it would be better to at least have the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.
Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version.
_________________ Life is too short to spend it in front of a computer
MU

Joined: 24 Aug 2005 Posts: 13642 Location: Karlsruhe, Germany
|
Posted: Tue 20 Oct 2009, 18:36 Post subject:
|
|
You may use such a script:
/usr/local/bin/seamonkeyspot
Code:
#!/bin/bash
su spot -c seamonkey
Make it executable:
chmod 755 /usr/local/bin/seamonkeyspot
Then add it to the desktop.
This runs seamonkey as spot.
Works in newyearspup; in Puppy 3 I used a more complicated method:
http://www.murga-linux.com/puppy/viewtopic.php?t=28014
Mark
_________________ my recommended links
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
|
Posted: Wed 21 Oct 2009, 00:42 Post subject:
|
|
Been there, done that. Built the Puppy, made a revision, wrote lots of documentation.... No t-shirt though
Multiuser Puppy
It doesn't come with a limited user already installed though (well, there is spot, but he isn't configured any differently from in the standard Puppy, so you would probably prefer to create a limited user to use, who would then have a normal desktop). You have to boot once as root, add other users, remember to change your password, disable the autologin, and then reboot. The reason I did it that way is to make it transparent, so that the rest of us who like being root don't notice any change. That way it would be easier for a developer to slip this into an official Puppy without causing riots. People are free to remaster it into a version that has different defaults if they want a version that comes preset to be used with pfix=ram or whatever.
But the nice thing about MU's method rather than actually running completely as the user is that if only Seamonkey is spot, then if Seamonkey is compromised, it can only modify things spot can modify, which is nearly nothing outside of the /root/spot/ directory. On the other hand, if you were logged in as a limited user named tronkel, and just running Seamonkey normally (so that it was also running as tronkel), then if Seamonkey were compromised, it would be able to modify anything that tronkel can modify.
In a purely ram situation, where there is no preserved data at all, there isn't as big of a difference since tronkel wouldn't have much data around anyway, and still wouldn't be allowed to modify system files. But for an installation where data is preserved, tronkel will presumably have all his personal data stored owned or at least readable by the tronkel user, so that he can read it without jumping through hoops. In that case, being a limited user does not protect you at all from a privacy standpoint if your browser is compromised, since it has the same permissions you do.
So to be really paranoid you would want to run as a limited user, but then run your browser as a different (and even more limited) user. This could probably be done fairly painlessly with sudo so that you wouldn't have to input a password just to run the browser as user "browser", but could still have the browser user password protected from the other users (in case you have multiple people involved, or in case you want to isolate other applications too, like IRC or email, and don't want them to be able to read each other's data).
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
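
One way to set up the separate browser account described in the post above, as an added example that is not from the thread. The account name `browser`, the login `tronkel` (reused from the post) and the path `/usr/bin/seamonkey` are assumptions, as is a `stat` that supports `-c %a`.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: a login user,
# a dedicated account "browser", and the browser's absolute path.

# sudoers_rule LOGIN RUNAS CMD -> prints a sudoers line that lets LOGIN run
# exactly CMD as RUNAS without a password. Only a plain absolute path is
# accepted, so the rule cannot be widened by wildcards or a PATH lookup.
sudoers_rule() {
    case $3 in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    case $3 in
        *"*"*|*"?"*|*" "*) echo "no wildcards or spaces" >&2; return 1 ;;
    esac
    printf '%s ALL=(%s) NOPASSWD: %s\n' "$1" "$2" "$3"
}

# home_is_private DIR -> 0 if group and other have no access at all
# (for example mode 700), so other accounts cannot read the data in it.
home_is_private() {
    mode=$(stat -c %a "$1") || return 2
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# launch_browser RUNAS CMD: allow only that local account onto the X
# display, then start the browser with the account's own HOME (-H).
launch_browser() {
    xhost "+si:localuser:$1" >/dev/null
    sudo -u "$1" -H "$2"
}

# Usage: script --rule LOGIN RUNAS CMD   (install the output with visudo)
#        script --launch RUNAS CMD
case ${1:-} in
    --rule)   sudoers_rule "$2" "$3" "$4" ;;
    --launch) launch_browser "$2" "$3" ;;
esac
```

This separates files only: every client on the same X display can still observe the others' input, so the dedicated account protects stored data, not what is typed into other windows.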

tronkel

Joined: 30 Sep 2005 Posts: 1059 Location: Vienna Austria
|
Posted: Wed 21 Oct 2009, 15:04 Post subject:
|
|
MU wrote:
Quote:
You may use such a script:
/usr/local/bin/seamonkeyspot
Code:
#!/bin/bash
su spot -c seamonkey

Running this returns:
Quote:
su: chdir(/): Permission denied

even if I chmod to 755.
This might be to do with the fact that I'm running this in Puppy 4.3.1.
What's wrong here, I wonder.
_________________ Life is too short to spend it in front of a computer
MU

Joined: 24 Aug 2005 Posts: 13642 Location: Karlsruhe, Germany
|
Posted: Wed 21 Oct 2009, 19:00 Post subject:
|
|
Not certain, must test it on my own in Puppy 4.3 tomorrow.
It cannot change to a directory because of wrong permissions.
Might be wrong permissions for /tmp
Try this command:
chmod 777 /tmp
In newyearspup this is set by default.
Mark
_________________ my recommended links
MU

Joined: 24 Aug 2005 Posts: 13642 Location: Karlsruhe, Germany
|
Posted: Wed 21 Oct 2009, 20:07 Post subject:
|
|
Hm, in Puppy 4.3.0 (frugal installation) it works.
I will test Puppy 4.3.1 tomorrow, as it takes some hours to download using a mobile internet connection that I use this week.
I attach the script, just in case a typo was the cause of your problem.
I also slightly modified it, so it tells you who you are:
Code:
#!/bin/bash
# The command is single-quoted so that $(cat ...) is evaluated by spot's shell,
# after whoami.txt has been written, and not by the calling root shell.
su spot -c 'whoami >/tmp/whoami.txt; sync; xmessage "running as user: $(cat /tmp/whoami.txt)"; seamonkey'
And thanks, Pizzasgood, for writing a more detailed explanation
Mark
Attachment: seamonkeyspot.tar.gz (209 Bytes, downloaded 450 times)
_________________ my recommended links
jabu2
Joined: 07 Apr 2008 Posts: 39 Location: Australia
|
Posted: Wed 21 Oct 2009, 21:42 Post subject:
secure browser mode for 4.4CE |
|
Tronkel's proposal is a really useful new capability for Puppy, and removes one minor shortcoming - security for traveller-users (compared to other distros).
"the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.
Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version."
This capability will need to be a simple on/off toggle for the average puppy user - implying some neat programming from you linux-majors who know how to do that, and make a gui.
Tronkel's description of purpose could be put in plain English, i.e.
"logging in to Puppy as a non-root user" could become
"use ultra-security" (or words to that effect). And perhaps it should default back to the root-user mode at logoff (fail-safe position for several reasons).
And adoption by Technosaurus into 4.4CE specs
And notifying to future potential users by Lobster via the 4.4 wikka......http://puppylinux.org/wikka/Puppy44
jabu2 (4.31 with firefox, and 4.3.1 final on Fujitsu lifebook)
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
|
Posted: Wed 21 Oct 2009, 23:49 Post subject:
|
|
Why do people keep forcing me to break out the big fonts?
Download a MULTIUSER Puppy HERE
Can I get a QED?
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

amigo
Joined: 02 Apr 2007 Posts: 1759
|
Posted: Thu 22 Oct 2009, 01:51 Post subject:
|
|
MU, /tmp should be chmod'ed 1777, to prevent non-root users from being able to delete the directory.
tronkel

Joined: 30 Sep 2005 Posts: 1059 Location: Vienna Austria
|
Posted: Thu 22 Oct 2009, 04:08 Post subject:
MU script problem solved! |
|
Ok, seem to have found the permissions problem with the su command.
chmod-ing /tmp to 777 didn't work. The problem was with the permissions of the root directory in Puppy, i.e. '/' (not /root).
After chmod-ing this to 777 everything started working.
Many thanks for the cool idea MU.
_________________ Life is too short to spend it in front of a computer
tronkel

Joined: 30 Sep 2005 Posts: 1059 Location: Vienna Austria
|
Posted: Thu 22 Oct 2009, 10:44 Post subject:
|
|
Attached is a dotpet that contains MU's seamonkeyspot script
plus a GUI executable. All the GUI does is to run the script. GUI was made using FLTK and C++.
The pet makes a menu entry called "safemonkey secure browser"
This starts your seamonkey browser as user "spot" who has no access to system files. This should ensure that no malware can be installed without your knowledge, even running as a live cd.
Seems to work, apart from a profile problem that causes the seamonkey main window to corrupt slightly. It's an old Mozilla problem - not sure what the solution is yet.
Will test it further. Let me know what you find.
edit: see lower down the thread for an updated dotpet that includes exception handling that checks for the existence of seamonkeyspot script in /root
Attachment: safe-seamonkey-1.0.pet (114.25 KB, downloaded 465 times)
_________________ Life is too short to spend it in front of a computer
Last edited by tronkel on Wed 28 Oct 2009, 13:03; edited 1 time in total
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15109 Location: Paradox Realm
|
Posted: Thu 22 Oct 2009, 11:02 Post subject:
|
|
Seems to work OK Tronkel
I have done much the same here (I hope) in script
but also included running Puppy Browser securely
and Screen Lock enhancement
GROWL
http://www.murga-linux.com/puppy/viewtopic.php?p=353697#353697
_________________ Puppy WIKI
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
|
Posted: Thu 22 Oct 2009, 13:57 Post subject:
|
|
.... it is not a good idea to make / 777. If you do that, any limited user can rename the top level directories (they cannot actually delete them if there is any content within them that they don't have permission to change, but they can rename just fine).
You are better off running Seamonkey as root than doing that.
And anyway, you definitely should not need to make / 777 just to run seamonkey as spot. The problem must be something else.
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
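
A check for the two directory-mode problems raised in this thread (`su: chdir(/): Permission denied` without making `/` 777, and `/tmp` at 777 versus 1777), as an added example that is not from any poster. It assumes a `stat` that supports `-c %a`; the thread does not say what mode `/` actually had, so the modes in the comments are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: classify a directory's octal mode.

# classify_mode MODE -> prints NO_SEARCH, WRITABLE_NO_STICKY or OK
classify_mode() {
    perm=$(printf '%04d' "$1")      # 755 -> 0755, 1777 -> 1777
    special=${perm%???}             # leading digit: setuid/setgid/sticky
    other=${perm#???}               # trailing digit: bits for "other"
    if [ $(( other & 1 )) -eq 0 ]; then
        # No search (x) bit for others: an account such as spot cannot
        # chdir into the directory (constructed case: / at mode 700).
        echo NO_SEARCH
    elif [ $(( other & 2 )) -ne 0 ] && [ $(( special & 1 )) -eq 0 ]; then
        # World-writable without the sticky bit: any user may rename or
        # remove entries owned by someone else (mode 777).
        echo WRITABLE_NO_STICKY
    else
        echo OK                     # e.g. 755 for /, 1777 for /tmp
    fi
}

# check_dir DIR -> prints the finding and a minimal fix; returns 0 if OK
check_dir() {
    mode=$(stat -c %a "$1") || return 2
    verdict=$(classify_mode "$mode")
    case $verdict in
        NO_SEARCH)          hint="chmod o+rx $1" ;;
        WRITABLE_NO_STICKY) hint="chmod o-w $1 (shared temp dirs: chmod 1777)" ;;
        *)                  hint="nothing to change" ;;
    esac
    echo "$1 mode=$mode $verdict: $hint"
    [ "$verdict" = OK ]
}

# Read-only report for the two directories discussed in the thread.
for d in / /tmp; do
    check_dir "$d" || true
done
```

Granting only the search bit (`o+rx`, giving 755 on a root-owned `/`) is enough for `chdir` to succeed; write access for others is never needed for that.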

retry3
Joined: 15 Aug 2006 Posts: 62 Location: Ohio
|
Posted: Mon 26 Oct 2009, 20:04 Post subject:
safeseamonkey secure browser experience & questions Subject description: secure financial browsing |
|
HP Notebook 1.4Ghz 512MB, dying HD - 431 Frugal Live CD
Installed safeseamonkey (great application idea)
My financial website would not let me have access even with all the correct passwords etc.
When I tried to quit safeseamonkey, the dialog box would not close even after it went all gray with no fields or data and safeSM would not quit until I used kill.
Tried to open safeSM again but got stuck in a loop in the dialog box and it failed to open.
Next I changed to user "spot" & ran normal Seamonkey and was able to log in & access my account OK.
I would like to use safeSM but I don't know what to do next; reinstall?
My question is, whether I am just as secure by being spot first and then opening my regular SM, as using safeSM alone? Something Pizzasgood wrote makes me wonder..
tronkel

Joined: 30 Sep 2005 Posts: 1059 Location: Vienna Austria
|
Posted: Tue 27 Oct 2009, 03:43 Post subject:
|
|
Hi retry3
Yes, as far as I can see, you're just as safe running as user spot directly.
The safeseamonkey GUI is only an attempt to make it friendlier for newbies to think more about security stuff without having to get to grips with scripting and such-like.
Can you make sure that the seamonkeyspot script is actually in your /root folder? If it wasn't there, that would be a reason why the program would crash.
This was only a first shot at this. I should really have included some exception handling that checks if the script is actually there.
Thanks for the feedback. Let me know what happens.
_________________ Life is too short to spend it in front of a computer