Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 22 Jul 2014, 03:33
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Run puppy as spot
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 6 [83 Posts]   Goto page: 1, 2, 3, 4, 5, 6 Next
Author Message
noryb009

Joined: 20 Mar 2010
Posts: 537

PostPosted: Mon 25 Apr 2011, 18:18    Post subject:  Run puppy as spot
Subject description: su Spot && xwin
 

Would it be possible to add something to puppy/woof that lets you run all of puppy (or at least X and a few other things) as spot via su? You would choose to use spot or not as either a kernel option, question when turning on, or something else. It would be a simple way to get a multiuser puppy running by editing 1/2 files, but I don't know if it would work, or how to edit the boot files to try it out.

Anyone know if this is possible?

_________________
=================
Download Puppy Linux Windows Installers
Package your puppy as a windows installer

Last edited by noryb009 on Mon 25 Apr 2011, 22:08; edited 1 time in total
Back to top
View user's profile Send private message 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Mon 25 Apr 2011, 19:38    Post subject:  

Puppy runs as root. It's by design. It's in the attitude. Get used to it.
Back to top
View user's profile Send private message 
noryb009

Joined: 20 Mar 2010
Posts: 537

PostPosted: Mon 25 Apr 2011, 20:07    Post subject:  

Quote:
Puppy runs as root. It's by design.


Then let's redesign it.

Running as spot is what some people want. You may not want it, I might not want it, but some people do want it. Running as a unprivileged user is a feature, and more secure (fixes all puppy viruses I know about - 0) but does make it harder for people to be infected (especially with puppy's way of package management - google and download a random .pet).

Also, it would make reviewers give puppy more "points", making more people want to use it.

_________________
=================
Download Puppy Linux Windows Installers
Package your puppy as a windows installer

Last edited by noryb009 on Mon 25 Apr 2011, 22:08; edited 1 time in total
Back to top
View user's profile Send private message 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Mon 25 Apr 2011, 20:56    Post subject:  

Let's NOT redesign it. All the other 8,936 Linux distros in the world enforce this dumb idea that running as root is dangerous. Puppy is the smart one that refuses to endorse the dumbness. It's meant to be that way. Those who choose to repeat mindlessly over and over that running as root is dangerous (but have no idea why, they just keep repeating it) have all the other 8,936 knee-jerk distros to choose from.
Back to top
View user's profile Send private message 
noryb009

Joined: 20 Mar 2010
Posts: 537

PostPosted: Mon 25 Apr 2011, 22:08    Post subject:  

Quote:
All the other 8,936 Linux distros in the world enforce this dumb idea that running as root is dangerous.


One of the reasons they don't want users to run as root is so that they don't delete /, but also for multiple users to be able to elevate to root and not get into somebody else's files.

Quote:
Those who choose to repeat mindlessly over and over that running as root is dangerous (but have no idea why, they just keep repeating it)


And puppy users keep repeating it's not dangerous, even though it is (kind of). It's not dangerous because their is nothing to be afraid of. A lot of people who upload .pet files could easily add in a keylogger, spyware, or something else. And what is stopping them from doing it? For all we know, every package uploaded has a puppy virus! Let's not wait until the horse leaves the barn before we close the door.

Root is dangerous in certain cases, but downloading from a trusted source with a signature check makes it a lot less dangerous. Oops.

_________________
=================
Download Puppy Linux Windows Installers
Package your puppy as a windows installer
Back to top
View user's profile Send private message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Mon 25 Apr 2011, 22:46    Post subject:  

noryb009 wrote:
Running as a unprivileged user is a feature, and more secure (fixes all puppy viruses I know about - 0) but does make it harder for people to be infected (especially with puppy's way of package management - google and download a random .pet).

Also, it would make reviewers give puppy more "points", making more people want to use it.

And how many people have been infected? Zero. Puppy has many package management methods but downloading random .pets is not the one recommended.

How many "points" does Puppy need? Are our sales figures dropping? Will dividends and bonuses be cut this year? Is Puppy's primary goal to become the most popular distro?

I run most distros as root. The first time I logged in as root in one the wallpaper came up with a huge skull and crossbones warning me of imminent danger. I ventured on past the crocodiles and radioactive pits with my Indiana Jones hat and whip. Guess what? I saw the Ark before I saw the Giant Virusaurus with his glistening fangs and pointed tail.

noryb009 wrote:
For all we know, every package uploaded has a puppy virus!

That would be nice since no one has ever seen a Puppy virus.
virus.jpg
 Description   
 Filesize   74.9 KB
 Viewed   2409 Time(s)

virus.jpg

Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 26 Apr 2011, 01:48    Post subject:  



GROWL
http://murga-linux.com/puppy/viewtopic.php?p=335216#335216

Attack
http://www.murga-linux.com/puppy/viewtopic.php?p=421022#421022

Secure
http://puppylinux.org/wikka/Security

FUD
http://www.murga-linux.com/puppy/viewtopic.php?t=53227

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Tue 26 Apr 2011, 08:54    Post subject:  

noryb009 wrote:
One of the reasons they don't want users to run as root is so that they don't delete /, but also for multiple users to be able to elevate to root and not get into somebody else's files.

Oh, why didn't you say that before? This has nothing to do with running as root. If the the risk of deleting / is THE REAL reason, then Linux should come without the 'rm' command. There, problem solved.

noryb009 wrote:
And puppy users keep repeating it's not dangerous, even though it is (kind of).

Ah. Usually it's "a gaping wide security hole." Now it's "kind of dangerous." I see we're making some progress here.

noryb009 wrote:
A lot of people who upload .pet files could easily add in a keylogger, spyware, or something else. And what is stopping them from doing it? For all we know, every package uploaded has a puppy virus! Let's not wait until the horse leaves the barn before we close the door.

We finally agree on something. That problem is very present and very real. Unfortunately, it doesn't look like Puppy has the manpower/resources to fix that problem. And it has nothing to do with running as root.
Back to top
View user's profile Send private message 
noryb009

Joined: 20 Mar 2010
Posts: 537

PostPosted: Tue 26 Apr 2011, 16:31    Post subject:  

Quote:
And how many people have been infected? Zero. Puppy has many package management methods but downloading random .pets is not the one recommended.


"My computer has never had an undetected virus."

So you are saying to not trust random pets from this forum? That leaves compiling everything yourself. Take green_dome's wine pets for example. Less then 100 posts by green_dome (less when green_dome started the thread). Does posting ~100 times make you trustworthy? (Just using green_dome as an example). This is more of an package management issue, which is another topic. What I was trying to point at is that it is easier to infect root then it is to infect a user (and keep it hidden from the user better).

Quote:
How many "points" does Puppy need? Are our sales figures dropping? Will dividends and bonuses be cut this year? Is Puppy's primary goal to become the most popular distro?


One of puppy's purposes is for making old computers work like new. How is it to achieve that goal if no one recommends it to friends because they are scared of them running as root 24/7?

A few days after the puppy linux review at distrowatch, the hit ranking for 7 days is at 661 - much lower then the 6 month average (804). A big part of the review talked about root, and how the user can switch to spot after doing a bunch of work. More info about the actual distro (in place of the root section) would give users a better look at the distro, make them want to try it, and maybe convert. Like Luluc said: "Unfortunately, it doesn't look like Puppy has the manpower/resources to fix that problem."

Quote:
That would be nice since no one has ever seen a Puppy virus.


Correction: That would be nice since no one has ever detected a Puppy virus.
I know that there is a 0.1% chance any .pets on this forum have anything bad in them, but someone could easily go onto this forum, post 100 times, compile a smaller/faster ls, then get everyones credit card. That wouldn't be good.

(In case your wondering, the ls would download and install a new infected library for the default browser randomly. This is just an example)

Quote:
Oh, why didn't you say that before? This has nothing to do with running as root. If the the risk of deleting / is THE REAL reason, then Linux should come without the 'rm' command. There, problem solved.


Quote:
Quote:
And puppy users keep repeating it's not dangerous, even though it is (kind of).

Ah. Usually it's "a gaping wide security hole." Now it's "kind of dangerous." I see we're making some progress here.


Let's compromise: It's a gaping wide security hole that has a sign saying "Please do not exploit.".

-------------------------------------------------

I keep bring up the issue of .pets by random people because it's a real issue that isn't going to be fixed anytime soon.
Back to top
View user's profile Send private message 
runtt21


Joined: 07 Jun 2008
Posts: 1642
Location: BigD Texas

PostPosted: Tue 26 Apr 2011, 17:35    Post subject:  

pet2tgz NAMEOFTHEPET.pet
Back to top
View user's profile Send private message Visit poster's website 
rcrsn51


Joined: 05 Sep 2006
Posts: 8901
Location: Stratford, Ontario

PostPosted: Tue 26 Apr 2011, 17:39    Post subject:  

As Luluc said, the issue of malicious PET packages is entirely separate from running as root. Suppose Puppy was changed so the default user was unprivileged. In order to install a package, you would then have to login as root. At that moment, you have given the package all the permission it needs to install its payload. If it wants to steal my credit card number, running as non-root won't protect me.

LInux is all about trust. You have to trust that my PET is safe. I have to trust the developer whose program I packaged. He has to trust the developers whose libraries his program uses.
Back to top
View user's profile Send private message 
666philb


Joined: 07 Feb 2010
Posts: 1626
Location: wales

PostPosted: Tue 26 Apr 2011, 18:05    Post subject:  

noryb009

If all these idea's came to fruition, puppy having passwords, puppy saying permission denied, having to sudo to change the wallpaper and mount your drives, or install an officially vetted .pet. The whole 'Additional software' thread being removed (it would have to be untill every single posted pet was vetted! literally thousands!) No posting code in threads.
Would it still be the same puppy that we all love? and the same forum that we all enjoy?

Puppy as a distro, and the puppy forum as a community are both very special and somewhat unique.....as a distro puppy is supremely versatile, all the things that you wanted done to puppy in your original post are able to be done by you, using information found in the forum. Pizzapup has posted a technical 'how to' on how to make a multiuser puppy. Or you could download his iso, or you could have each user have there own encrypted savefile, or you could have each user have their own multi save cd/dvd or they could have their own usb. They are lot's of solutions.....to just run a browser as spot there's lobsters growl.

Puppy booted live with a cd and pfix=ram is more secure than any installed operating system, presuming you trust Barryk and the developer of your particular puppy, you know that you have a completely pristine operating system. Even booting a frugal that is on the harddrive or on a usb, all it takes is to check the md5 of the puppy.sfs to be as certain of a pristine OS as with the live CD.

If you're not doing you're internet banking from a live cd, then you really aren't taking security that seriously, what ever operating system you have. And however many times you sudo. The same goes to storing creditcard numbers on your computer, and important passwords (paypal) in your browser. You shouldn't be doing that on any operating system!!!

As to this forum, this is a really friendly and helpful place, an absolute mine of information, solutions and development, where else do you have the devs helping beginners, without dictating to them. It's a genuine open society, and that's a special thing. That people can share .pets for the benefit for everyone is marvelous! Lots of the things that are now part of puppy, started by being posted in the 'applications'section, and were improved by people trying them and giving feedback.

Puppy is pretty consistantly in the top10 on distro watch out of how many linux distro's? and i believe that is because people like it, because puppy is puppy!

I for one, do not want, passwords, multiuser & sudo to be part of my puppy, however, i have no problem with someone making a pet (properly vetted Smile ), or releasing a puplet which has these features. There are a small minority of people like yourself that are wanting these features. So why not get together, and using the information on the forum, experiment and see if you can come up with something. Remastering puppy is simple, and once you start, I think you'll find it will be fun.

666philb

_________________
Quickpet_Precise, install popular apps quickly http://www.murga-linux.com/puppy/viewtopic.php?t=83642
LÖVE2d, a collection of 27 lua gameshttp://www.murga-linux.com/puppy/viewtopic.php?t=76739
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 26 Apr 2011, 18:39    Post subject:  

Pizzasgood did that multiuser for Puppy 421? and read more here
http://www.murga-linux.com/puppy/viewtopic.php?t=47409

Quote:

This is a multiuser version of Puppy 4.2.1. Initially, it should work just like a normal 4.2.1 Puppy - you are automatically logged in as root. However, there are a few new wizards in the Setup section of the menu. One for adding new users. One for changing your password. And one for disabling the automatic login. The idea here is that this could be used as a standard Puppy, without impacting the vast majority who like to be root, while still allowing the few who really have good reasons to not be root to do as they choose with minimum effort. Which also means they stop complaining about how they don't like being root. So it's a win for everybody.

There were a great many changes that had to happen under the surface for this to work nicely. See the above link to read the gory details. I'll just list a summary of the features here:

Wizards for adding new users and configuring the autologin feature.
Has sudo
Users in the "disk" group can mount/unmount partitions.
Users in the "audio" group can use audio devices.
Users in the "power" group can poweroff and reboot.
Users can have a personalized xorg.conf file at /etc/X11/$USER/xorg.conf. (This must be created by hand, as the xorgwizard is root-only.)
The Xvesa video wizard will allow user-specific configuration.
Has virtual terminals 1-6 configured. X will run on 7.
Global /etc/bashrc file.
Includes the real shadow utilities (useradd, gpasswd, etc.).


There is also Lighthouse puppy that can have users but read on their page. I am not the guy to explain how they set it up.

http://www.lhpup.org/release-lhp.htm

As I remember it took him many weeks to get it going. And none has had the knowledge to do it after him. So it is not as easy as remastering at all. One need to know Puppy like a Dev knows it. Many details that has to fit together. IIRC I asked him if he every wanted to do it again with a more modern version and AFAIK he where not motivated to ever do such tedius work again. So it was a one time off. None has the patience to do it again as I get it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
cthisbear

Joined: 29 Jan 2006
Posts: 3385
Location: Sydney Australia

PostPosted: Wed 27 Apr 2011, 06:55    Post subject:  

666philb's last post says it all.

I am entirely ticked off by all this security crap.

Give it a rest.

////////

Security people....controlling tossers.

http://www.theinquirer.net/inquirer/news/2045528/hundreds-log-rogue-wireless-hotspot-infosec-conference

Chris.
Back to top
View user's profile Send private message 
01micko


Joined: 11 Oct 2008
Posts: 7781
Location: qld

PostPosted: Wed 27 Apr 2011, 07:48    Post subject:  

Chris

http://www.murga-linux.com/puppy/viewtopic.php?p=515151#515151

That's 666philb's other "root" thread. Visit his link and enroll.

You'll be in elite company. Jesus, Rambo, ... just to name a few.

Cheers!

_________________
Woof Mailing List | keep the faith Cool |
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 6 [83 Posts]   Goto page: 1, 2, 3, 4, 5, 6 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1160s ][ Queries: 13 (0.0054s) ][ GZIP on ]