Browse as user "Spot"

Browsers, email, chat, etc.
Message
Author
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#61 Post by nooby »

Thanks that explains it then.

I could still run FF as spot though but Spot will be a sub to root? an anything saved that I want to be outside of mnt/home I have to go there as root and move out of spot?

It would still add to security from injection code?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#62 Post by rcrsn51 »

nooby wrote:I could still run FF as spot though but Spot will be a sub to root?
Correct. If you check the properties of the folder /root/spot, you will see that it is owned by spot. That's the only place that spot has permission to save files, other than special locations like /tmp.
and anything saved that I want to be outside of mnt/home I have to go there as root and move out of spot?
Correct. If you are running your browser as spot, you cannot automatically download a file to /mnt/home. Spot does not have write permission on that folder.
It would still add to security from injection code?
I'm still not clear on that issue. Firefox is constantly releasing updates to fix various security issues. Since most Linux users are unprivileged, one could conclude that even though you are running the browser unprivileged, you are still vulnerable. Or maybe those updates really only apply to Windows users.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#63 Post by nooby »

Thanks, what about the Chromium and SRWare Iron then those being clones them using sandbox tech would that add security
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#64 Post by Bernie_by_the_Sea »

rcrsn51 wrote:So if Javascript isn't the culprit, then what content on a web page is capable of changing the Windows registry?
Just about any and all content on a web page is potentially capable of changing the Windows registry. Hint: ANY Mozilla, Firefox, Safari, or Opera plugin (that uses NPAPI which means almost all) is a doorway to access the registry.

Keep in mind that to change the Windows registry you must first have a Windows registry to change. Even with Wine, the Windows registry that Wine accesses is not the real registry but rather the one stored in Wine itself. Changes to the registry there affect only apps running in Wine. Have many running Linux in general and Puppy in particular have a Windows registry on their computer? Hint: a drive must be mounted to write to it.

Keep in mind that javascript cannot exceed the browser’s level of security (and this has nothing to do with running as root). The only thing a browser can write to is a cookie. The only thing a browser can communicate with is the server. The only data manipulation a browser can do is to the object model of the web page (used with forms and the like).

Note: To avoid teaching hacker/crackers I give only hints that might be used by defenders against hacker/crackers. Discussing things like web pages modifying the registry is dangerous in itself.

Another hint: Here's a handy plugin that can reach the registry on a computer where there are zero root/administrative rights. https://addons.mozilla.org/en-US/firefo ... n-regedit/

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#65 Post by 01micko »

OK, here's an experimental version of Browsesafe

It attempts to address some of the things being discussed here, such as other users than spot (an option) and installing config folder outside the savefile (another option). It all takes place at install time with a comprehensive GUI. It takes into account what type of install you have.

Be warned that for success you will probably have to delete any .mozilla files in /root/spot. Also it is experimental. Lots of stuff is going on behind the scenes in that install script so I have tried to be efficient.

Have fun

newer version, fixed bernie's bug and minor ntfs bug, added puninstall script to advise on some manual cleanup
Last edited by 01micko on Mon 25 Apr 2011, 00:54, edited 2 times in total.
Puppy Linux Blog - contact me for access

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#66 Post by Bernie_by_the_Sea »

01micko wrote:OK, here's an experimental version of Browsesafe
With the default installation it doesn't work in Wary 500.

Code: Select all

# browsesafe
/usr/sbin/browsesafe: line 2: /root/.browsesaferc: No such file or directory
Also I don't have a chat icon so the browsesafe icon went on top of my Opera icon.

I uninstalled it and reinstalled it not using the default. I didn't choose anything but the second time it worked.

It seems to have uninstalled cleanly but it took a 6MB chunk out of pupsave that I haven't found yet. EDIT: OK, I found it right where it was supposed to be at /root/spot/.mozilla and I got my chunk back.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#67 Post by nooby »

So browse safe works best with a fresh install? Does it work on frugal on NTFS too?

Big problem :) No sound in Spot. Does one have to open alsa in spot if one are allowed to even?

I use a pupsave file. Was that a no no? I did the pet but ti failed.

Instead I tested to go to terminal and doing

# su spot
# firefox

which start up firefox in spot and I have no access to mnt/home from within firefox and I can not update firefox or install addons to it?

ooops I will save something to see if that works
yes restricted to spot but Rox is root so I can move things from spot to mnt/home.

But I failed to get old .mozilla to work in Spot it insisted to create a new one.
I use Google Search on Puppy Forum
not an ideal solution though

Jasper

#68 Post by Jasper »

Hi 01micko,

Thank you for your excellent and flexible browsesafe-0.7.pet.

I have not yet been required to enter the password I set up. So I would like to ask when is that password needed?

I apologise to you and to rcrsn51 and to any reader who was offended by my original query which had two words in large text. I will not do that again.

My regards

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#69 Post by rcrsn51 »

nooby wrote:Big problem :) No sound in Spot. Does one have to open alsa in spot if one are allowed to even?
I don't see this problem. Maybe it's specific to your sound card?
But I failed to get old .mozilla to work in Spot it insisted to create a new one.
If you manually copy your .mozilla folder from /root to /root/spot, you must also transfer ownership to spot.

Code: Select all

chown -R spot:spot /root/spot/.mozilla
I did a quick test with Firefox and it worked for me.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#70 Post by nooby »

rcrsn51 wrote:If you manually copy your .mozilla folder from /root to /root/spot, you must also transfer ownership to spot.
Code:
chown -R spot:spot /root/spot/.mozilla

I did a quick test with Firefox and it worked for me.
Ooops so typical of me to not think about such things.

What does that mean then? Can I have one .mozilla in root that is owned by root and one on Spot that is owned by spot?

I mean if I make a copy of the one in Root so it also exists in Spot
and does that need another code to not lock the one in root to Spot? or globally something [/code][/quote]
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#71 Post by 01micko »

Hi guys

Bernie_by_the_Sea, thanks for bug report on the vanilla install, fixed

jpeps, these newer experimental versions have lots of options, explained below.

nooby, since this is testing there is some manual work to do to get this pet working if you have installed it before. I can't do it automatically because I have no way of knowing who you created as the user, if at all, so bearing this in mind, I dare not touch your spot either :) . Read carefully below.

Jasper, the password is not needed. I just couldn't figure out how to create the user without a password from a script. The password may be needed for other apps you decide to run as your newly created user.

rcrsn51, working ok for you? Any suggestions for improvement?

~~~~~~~~~~~~~

I should have explained when I posted ver 0.7 in more detail what the new setup screen can do.

-first of all, you don't even need to go to it (now, before there was a bug). Just click yes or no and you can browse as spot from the menu or icon with no current settings touched.

-if you choose the setup screen you will be confronted with a few options depending on your type of install

-if you have a full install, a frugal that saves to the entire partition or a save back to CD/DVD install then you are not given the option to save spots or your created user's browser settings outside of the savefile. This is because you would need to mount another partition to save the settings. A bit complicated and probably beyond the scope of this project. You still have the option to create a user, but it will be inside your filesystem.

-if you have a normal frugal then you are given the option to save settings outside your savefile.
*If you leave the default 'spot'. then a folder called 'spot-download' is created in /mount/home owned by spot. If you choose to import settings then you /root/.mozilla folder is copied to /mount/home/spot-download, ownership changed to spot, then that is symlinked back to /root/spot/.mozilla. If your /root/.mozilla is a symlink to some existing .mozilla outside the savefile, this is detected and a splash warns that that process can not happen. The ownership of symlinks depends on the target. Cache is cleared.
*if you create a user in a normal frugal then that user's home directory is created outside the savefile if you choose that option. /root/.mozilla is copied there and ownership changed accordingly. Cache is cleared.
*** Both these cases require that your save file is on a Linux filesystem. If not then I haven't figured out how to change ownership of directories on non-linux filesystems so the program refuses to do that and you are stuck with spot's or your user's browser settings inside your savefile.

HTH
Attachments
screen1.png
first screen you see
(24.72 KiB) Downloaded 1352 times
screen2-linux-filesys.png
ext4 detected
(35.55 KiB) Downloaded 1376 times
screen2.png
NTFS detected
(35.1 KiB) Downloaded 1372 times
browsesafe-0.8.pet
(10.09 KiB) Downloaded 526 times
Puppy Linux Blog - contact me for access

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#72 Post by nooby »

Micko thanks for the 0.8 pet
I started all over with a new snow5 named it snow5safe and used your 0.8 pet and that worked in that I had to start all over with passwords and bookmarks and so on but it does start from spot.
and save to spot but what about the bookmark.html file that still is owned by root. Can the criminals use such to get acess to the hdd?

Do I have to make them owned only by spot?

my older text now back to bed again if I can sleep this time. Hm
---
Hope I don't derail too much.

I did an experiment but not knowing enough about permissions run into trouble
urxvt in snow5 that is Lupu513 with Pemasu built in features from Jemimah and many others. I did this in Terminal

# cd ..
# ls
archive dev home lib mnt proc sbin sys usr
bin etc initrd lost+found opt root selinux tmp var
# cd root/spot
# ls
bkmrk.html bookmarks2009.html README.txt
# firefox

(firefox-bin:7643): libgnomevfs-WARNING **: Unable to create ~/.gnome2 directory: Permission denied
Could not create per-user gnome configuration directory `/mnt/home/spot/.gnome2/': Permission denied
#

As it shows I have added two bookmark html files there and made the ownership to spot. But spot don't have to permission to make the firefox preference file most likely. if I let it makes its own mozilla then it don't have my prefs in it. okay I try again to see if it is at least working with their prefs. But then I am not allowed to install noscript addon. and not do an update either of firefox which I should do now it is 3.6.13 and should be 16 instead.

There is so much still to learn for me. I did this and that fails too

# cd spot
# firefox

(firefox-bin:19933): libgnomevfs-WARNING **: Unable to create ~/.gnome2 directory: Permission denied
Could not create per-user gnome configuration directory `/mnt/home/spot/.gnome2/': Permission denied
# su -c firefox spot
su: must be suid to work properly
#

could it be that it still remember this thing from RCRSN51?
rcrsn51 wrote

As a test, I deleted the current spot user and created a new one whose home directory is a subfolder of /mnt/home.
Code:
deluser spot
adduser -h /mnt/home/spot spot

I then ran Seamonkey as spot
Code:
su -c defaultbrowser spot

My .mozilla profile was created in my new home directory and my downloaded files went there by default. So nothing was being stored in my savefile.
But I don't have any spot there in mnt/home only in root/spot

have to go to bed again
I use Google Search on Puppy Forum
not an ideal solution though

Bruce B

#73 Post by Bruce B »

Would someone please be so kind as to advise how I can load the add-ons and bookmarks using browsesafe?
I didn't use browsesafe or even know it existed until recently.

For me, it was primarily a decision to run Firefox as spot and no longer as
root.

I had some problems with the addons not working after copying /root/.mozilla
to /root/spot/.mozilla. I reinstalled the ones that didn't take and that pretty
well took care of things.

Of course I changed ownership of the files to spot.

Now there is no root .mozilla. I changed things so if I accidentally try and
start Firefox as root, it won't run. Basically, modifying start scripts to verify
the user is spot.

~

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#74 Post by nooby »

Thanks Bruce, can your help me get this?

Can I have one .mozilla in root that is owned by root and also that one copied over to Spot that is owned by spot? That would allow me to browse Puppy Linux Forum being root for to dowloading isos and pets and such and then when one browse sites one feel unsure then one start up the spot browser?

I mean if I make a copy of the one in Root so it also exists in Spot ?
And do as Rcrsn51 told me to make Spot own that .mozilla there.
I use Google Search on Puppy Forum
not an ideal solution though

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#75 Post by amigo »

Sure, just copy /root/.mozilla to /home/spot/.mozilla.
cp -a /root/.mozilla /home/spot/.mozilla

Do it as root, of course, and then change the ownership of spot's files like this(also as root):
chown -R spot:users /home/spot/.mozilla

That gives you an exact copy, but all the files belong to spot instead of root.

ggg

#76 Post by ggg »

Hello,

If Firefox [root or spot] is configured to request the download location, can anything be downloaded [malicious or clean - possibly except cookies] secretly [i.e without user knowledge] whether running as root or running as spot?

If a download [perhaps an iso, an sfs, a pet, etc,] is executed from within spot, how does that provide more security than if spot had not been used?

Tor does not appear to be included in the mozilla definition for use with spot?

Cheers

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#77 Post by rcrsn51 »

ggg wrote:If a download [perhaps an iso, an sfs, a pet, etc,] is executed from within spot, how does that provide more security than if spot had not been used?
You couldn't install a PET while you are running your browser as spot. Spot does not have permission to write files to folders like /usr/bin. To install the PET, you would terminate the browser session and go back to being root.

Spot couldn't mount an ISO or SFS because it doesn't have rights to /mnt. And you wouldn't be doing that from within a browser session anyway.

So from a security standpoint, you gain nothing by downloading these files as spot.

The real problem with downloading these large files is finding a place to save them. You need a folder with enough free space where spot has write permission.
If Firefox [root or spot] is configured to request the download location, can anything be downloaded [malicious or clean - possibly except cookies] secretly [i.e without user knowledge] whether running as root or running as spot?
That's why you have to keep your version of Firefox updated.

The theoretical danger from running your browser as root comes from malicious scripts buried on a web page. If one of these attempted to modify your system, the damage would be limited to the files inside /root/spot. (Unless the script was able to elevate its privilege.)

ggg

#78 Post by ggg »

Hello rcrsn51,

Thank you for your explanations, though with my second question about executing from within spot we may be at cross purposes [because I did not stress that Firefox had been closed before execution]. Then as I can, as root, install/execute a pet [or whatever] that is located within my spot folder; am I right to think that executing from inside spot provides no extra security?

However, it does seem to be safer to use browser spot mode so that secret and malicious downloads, if any, could only be to the spot folder and, I assume, would remain safe there, in a "vault", even after the browser closed so long as there was no deliberate execution.

If you have the time, would you please expound a little further if my interpretation of your explanation is imperfect.

Thank you

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#79 Post by rcrsn51 »

ggg wrote:Then as I can, as root, install/execute a pet [or whatever] that is located within my spot folder; am I right to think that executing from inside spot provides no extra security?
Correct.
However, it does seem to be safer to use browser spot mode so that secret and malicious downloads, if any, could only be to the spot folder and, I assume, would remain safe there, in a "vault", even after the browser closed so long as there was no deliberate execution.
Correct. But consider this. The vast majority of Linux users run non-privileged. Yet Firefox is constantly releasing security patches to protect people from the latest exploit. Does that mean that running as non-root does not really offer protection? What do these upgrades protect you from?

ggg

#80 Post by ggg »

Hello rcrsn51,

Thank you very much for your clarification. Having thought hard about your two questions in your final paragraph, I can only suggest that apart from any speed or non-security improvement(s) then possibly Firefox upgrades may sometimes stop some exploitation instead of users having to rely upon "spot-type" isolation? Also, Firefox upgrades for Linux and Windows seem to happen almost concurrently [with seemingly identical version numbering] so on some occasions might the upgrades be aimed at the protection of Windows users rather than Linux users?

Cheers

Post Reply