Browse as user "Spot"

Browsers, email, chat, etc.
Message
Author
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#41 Post by nooby »

oops sorry I did have a dir spot there and I did look at permissions and it seems to be owned by the whole world. But I had not read your post then and was looking for bsafe and that one was no where to be found so I deleted the spot dir and wanted to start all over.

How does one see if it is owned only by spot. Every box was filled in it.

When I tried to do the bsafe it did look like it worked but none such could be found

Ahh I should have done this one?

quote
rcrsn51 wrote
Clearly, you don't want to save lots of files in spot because it fills up your savefile. So go to /mnt/home and make a folder called "spot-download". Give its ownership to spot
Code:
chown spot:spot /mnt/home/spot-download

Now you have a better place to download files. Of course, this folder is now theoretically vulnerable to attack.
/quote

But if it is vulnerable to attack then what is the usage? I mean that was why we wanted to be spot in the first place :) To get away from such vulner things
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#42 Post by L18L »

nooby wrote:... Apology to the author of it that I failed to remember who it was...
Accepted

But the part Running FF as spot is not from me! see http://murga-linux.com/puppy/viewtopic.php?p=516037

spot

coming from download of RPhoto_rcrsn-0.4.0.pre to ~/spot/Downloads
Last edited by L18L on Sat 23 Apr 2011, 15:09, edited 1 time in total.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#43 Post by rcrsn51 »

L18L wrote:Accepted
spot

coming from download of RPhoto_rcrsn-0.4.0.pre to ~/spot/Downloads
???

Are you confirming that something worked? For the sake of other readers, please explain.

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#44 Post by L18L »

Sorry, there was this forum bug again (spaces in URL)
I confirm that I am running defaultbrowser as spot and the download goes into spot/Downloads

I did not install the pet just applied seaside's advice in http://murga-linux.com/puppy/viewtopic.php?p=516037

EDIT
nooby,
don't worry, this time it was me who was confusing :)


Edit
And I did not try to use root's bookmarks
Last edited by L18L on Sat 23 Apr 2011, 15:27, edited 3 times in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#45 Post by nooby »

Sorry for all the confusion. I have collected things about it and my ADHD makes it impossible for me to add everything because then it just blur out. So I forget to add in sources and links and whome wrote what.

Back on topic.

Browse as Spot.

Yes I want to but I also want to use the prefs I have already set up.

Okay Luluc seems to describe how that is possible. By doing thing in right sequence the owner of the prefs will be spot and the .mozilla placed in that spot directory that is password protected and root has a new password too


and the big problem is that I should not ever run root there to change something. Only use spot apart from using root to move pictures out to mnt/home if I want to keep them also for root to look at when not logged in as spot?

The problem for me is that I do want to use the browser as root.
So I need to reboot into a clone that is root then? Or maybe have one browser like FF3.6.16 as owned by root and one FF4.0 as owned by Spot?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#46 Post by L18L »

nooby wrote:...keep them also for root...
No, root may and can do everything inclusive viewing of pictures of all users

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#47 Post by nooby »

L18L refer to these exchanges
http://murga-linux.com/puppy/viewtopic. ... 665#515665

Sorry I am always confusing
I use Google Search on Puppy Forum
not an ideal solution though

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#48 Post by nooby »

But I did try to follow what rcrsn51 wrote but maybe something in my set up here made it to fail or some space in teh code whatever. the bsafe never got created.

I can start with spot again though.

okay about root I still ahve the problem that my body will not be able to refrain from starting browser as root. it don't ask my persmission it just go doing it and then later I realize that hours ahs gone by as root
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#49 Post by rcrsn51 »

nooby wrote:But if it is vulnerable to attack then what is the usage? I mean that was why we wanted to be spot in the first place :) To get away from such vulner things
Again, this is the crucial issue. There is nothing magic about the user spot. If you let a piece of malware into your system (like a script off a web page) that wants to delete or alter your files, it doesn't matter who you are logged in as. It can change any file that it has permission to do so. If it is running as spot (or any other unprivileged user) it can delete ANY file belonging to that user. But it cannot change your system files or start a malicious process like a bot. (This presumes that the malware didn't gain privilege elevation through some other method.)

But if you are running your browser as root, the malware can attack any file owned by root - which is all of them!

Consider what happens in Windows. If you are like many people and routinely login as the admin user, then a malicious script has full rights to your file system. That's how it inserts itself into the Windows registry and numerous other spots.

Personally, I have come to accept bugman's view of Internet security. The single most important thing you can do is control web page scripting.

What is a mystery to me is why Firefox's implementation of Javascript is still so vulnerable to exploits. Does anyone have a explanation for this?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#50 Post by nooby »

I would love to migrate to using spot as often as possible but latest failure makes me have severe headache :) Wow it was much more difficult than I thought.

What about the advice to just drag default browser icon to spot? and then it is owned by spot or something? maybe that is the easiest if I find the right icon that is. is it the one named Browse on the Desktop?

so I create a dir on mnt/home and go into permissions and tell it to be powned by spot? I change password for spot and for root too and then it should just work?

okay I need to move the .mozilla dir to spot too.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#51 Post by Luluc »

nooby wrote:I would love to migrate to using spot as often as possible but latest failure makes me have severe headache :) Wow it was much more difficult than I thought.

What about the advice to just drag default browser icon to spot? and then it is owned by spot or something? maybe that is the easiest if I find the right icon that is. is it the one named Browse on the Desktop?

so I create a dir on mnt/home and go into permissions and tell it to be powned by spot? I change password for spot and for root too and then it should just work?

okay I need to move the .mozilla dir to spot too.
Hi, nooby. Open this file with any file editor:

/usr/local/bin/defaultbrowser

It should contain this:

Code: Select all

exec firefox "$@"
Change it to this:

Code: Select all

exec su spot -c firefox "$@"
All your problems are solved.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#52 Post by nooby »

Luluc thanks for wanting to sort things out but ...

Yes but the code from rcrsn that I used in rxvt deleted user spot and created a new one and then I due to ADHD deleted that dir at mnt/home so I need to know how to recreate that again and move teh .mozilla dir to that one and it should be owned by spot and have the right permission and so on.

in what order should I do all of that then?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#53 Post by rcrsn51 »

@nooby: This is far too confusing. I would suggest that you leave this issue for now and come back tomorrow when clearer heads may prevail.

I would also suggest that you set up a test install with a fresh pupsave file.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#54 Post by nooby »

For your sake I could but how can I get teh firefox preferences over to that one then?

no need to wait to tomorrow here there are 4 more hours to go to bed :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#55 Post by Luluc »

nooby wrote:Luluc thanks for wanting to sort things out but ...

Yes but the code from rcrsn that I used in rxvt deleted user spot and created a new one and then I due to ADHD deleted that dir at mnt/home so I need to know how to recreate that again and move teh .mozilla dir to that one and it should be owned by spot and have the right permission and so on.

in what order should I do all of that then?
You deleted /mnt/home/spot? After you had moved .mozilla from /root to /mnt/home/spot? So, do you still have .mozilla anywhere? I am afraid you may have deleted all copies of it.
rcrsn51 wrote:@nooby: This is far too confusing. I would suggest that you leave this issue for now and come back tomorrow when clearer heads may prevail.

I would also suggest that you set up a test install with a fresh pupsave file.
I agree. But it doesn't have to be a completely new pupsave file. It can be any other recent one. I suspect that nooby is doing all this experimentation on expendable copies of her actual pupsave file.

BTW, I'm signing off for today. Can't help anymore.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#56 Post by nooby »

Here is my solution, I did created a new lupu513 subdir based on Snowpu5 and named it snow5spot to know it is prepared to be a spot browser thing.

I used a copy of a backup pupsavefile so what should I do now?
this one have .mozilla on the root and not on mnt/home
I use Google Search on Puppy Forum
not an ideal solution though

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#57 Post by jpeps »

I just noticed this thread, and just looked briefly at the first few posts. Since I use spot with sudo and a designated home directory, I'll briefly weigh in. Running a downloaded copy of Firefox from Spot from a terminal is no problem...it will install new config directories in home. If I run from root, it will use .mozilla in /root.

The underlying principle running with non-root user is that basically you start from scratch setting up apps, unless you want to go through the hassle of changing permissions, etc. It's often just easier to run the apps from root unless you have a specific reason not to. Puppy works great the way it is for most users.

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#58 Post by Bernie_by_the_Sea »

Javascripts have a number of inherent limitations in them to prevent them from doing malicious things to a network, so at best it can snoop around, issue commands to anything that's not password protected and has a web interface (Assuming it can identify it), etc. Having a rogue Javascript operating in your browser environment is nothing to lose sleep over.
Javascript has been around for over a decade now, and is almost universally enabled by web users. There's a reason why Javascript exploits are almost never attempted: they're not only screamingly obvious and leave a nasty paper trail, but their scope is extremely limited and their chances of finding a successful target quite low. There are any number of better, safer ways to attack a person with absolutely no security sense.
Does only accessing the internet on a user account help protect against this?

Well it's a good idea for a lot of other reasons, but no. A Javascript has absolutely no direct access to the system it's running on, so it's no less secure if you're running as root.
Emphasis added. Above quotes from:
http://anti-state.com/forum/index.php?b ... adid=17522

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#59 Post by rcrsn51 »

That page is dated 2006. A lot of things have changed since then. So if Javascript isn't the culprit, then what content on a web page is capable of changing the Windows registry?

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#60 Post by rcrsn51 »

@nooby: The technique of creating a new unprivileged user whose home directory is in /mnt/home won't work for you. It requires that /mnt/home be formatted with a Linux filesystem like ext. You don't have this.

Also, trying to symlink spot's .mozilla profile into /mnt/home won't work either. Spot doesn't have write permission there.

Post Reply