Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 20 Sep 2014, 14:06
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Pet packages and security.
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [8 Posts]  
Author Message
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Tue 20 Nov 2012, 14:03    Post subject:  Pet packages and security.  

I just wanted to throw out a question as to how many users check out PET packages before they install them to make sure they do not install software that could put a user's security at risk.
For example, one makes a PET package of a game and includes in it a means to remotely access the computer it is installed on.
The unwanted code could set itself up to even activate at a given time using the scheduler.

I usually do not examine the contents of a Pet package before I install it.
Just imagine if a dd command was included and what the dd command is capable of!
Back to top
View user's profile Send private message 
amigo

Joined: 02 Apr 2007
Posts: 2247

PostPosted: Tue 20 Nov 2012, 15:17    Post subject:  

Anything is possible unless you are able to audit/inspect the code. This is why the inclusion/distribution of pre-built binaries is such a bad practice. Of course, most users are not smart enough to audit a piece of software -even a script, for example. One hopes to be able to trust the distributor, but I see that BK often includes binary packages which have been built by others. He should at least insist that submissions be made in the form of a build script which compiles and builds the package. Of course, you/he still has to be able to either trust the source or be capable/willing to inspect it.

I would never (and never have) trusted anyone's binaries from this forum. And I also don't trust any scripts from here without going through them first to see what they really do. The problem is that nearyl everything offered here is done in such a shoddy manner, taht the scripts aere basically unreadable. BK sets a bad precedent there, as well, because even his stuff is nearly impossible to decipher.

These days, I don't depend on *anyone* for any binaries -I build everything myself -except for Opera and Flash-player. I do not really trust the flash-player at all -it has always been crap. Opera I do trust, as far as possible. They seem to do a better job than either the Seamonkey or FireFox teams -security alerts on Opera are rare indeed.

To be fair, most of the 'crap' offered here is not maliciously intended -it's just that the authors have no idea what they are doing and so they easily can cause a disaster -at my expense.

I do trust the intentions of most major distros, but I'm always careful about their *implementations* of those intentions. Very few distros have adequate methods for vetting software. For any sort of mission-critical or security-minded system, I would only trust myself or debian. debian is the *only* distro which tests software anywhere near adequately.
Back to top
View user's profile Send private message 
pemasu


Joined: 08 Jul 2009
Posts: 5463
Location: Finland

PostPosted: Tue 20 Nov 2012, 15:59    Post subject:  

I do extract and inspect every package I put to the woof. Mostly I have to do this because often woof non compliant pinstall.sh scripts brakes woof building. I also check that the package does not install something which overwrites existing binaries or libs or overwrite configuration scripts without improved intention.

Backdoors in Puppies. Might be. There are quite a lot people which searches under the hood and strange behavior is frequent topic and the cause many times has been hunted down. I havent heard in 3 years that ever backdoor or malicious content ( intentional ) has been found
Of course it can be there.

You can also have car accident tomorrow, but still you go to the work.

My medication is in balance.

About script content. Good to hear that it is not only poor understanding about scripting that I dont understand most of the code. It is helpful to hear that the content is incomprehensible to the talented coder also. Thanks.

It could be said that the content Puppy coders use gives also security by obscurity. lol.
Every force has equal counterforce.
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Tue 20 Nov 2012, 19:22    Post subject:  

pemasu wrote:


You can also have car accident tomorrow, but still you go to the work.

My medication is in balance.



There's also the problem of aging, although I suppose you could try stem cells.
Back to top
View user's profile Send private message 
Master_wrong

Joined: 19 Mar 2008
Posts: 456

PostPosted: Tue 20 Nov 2012, 20:09    Post subject:  

@jpep
or cloning... ? Laughing
i mean backing up the important data. infact i am more worried that my harddisk are fried due to electrical glitch (it happen to me once) than a crappy pet.

_________________
Cluster-Pup v.2-Puppy Beowulf Cluster
http://www.murga-linux.com/puppy/viewtopic.php?p=499199#499199
Back to top
View user's profile Send private message 
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Tue 20 Nov 2012, 20:33    Post subject:  

It is good to hear others opinions on this subject!
At least we are using an open source OS in Puppy and other versions of linux. That gives us at least a chance to examine the software we install as well as the base it is installed on.

We are not at the mercy of MS, its closed source OS and lord knows what gets added by its update manager that one does not know about and cannot legally examine.
The MS users license as an example prohibits that sort of checking of their software.
At least with Puppy, the source code for most of it is available although not included with the SIOs.
I have read on Barry's site of one being able to request the source code for any puppy version he makes.

So thank you for your views on this and others that have read this thread feel free to join in and make your thoughts known.
Back to top
View user's profile Send private message 
Master_wrong

Joined: 19 Mar 2008
Posts: 456

PostPosted: Wed 21 Nov 2012, 06:36    Post subject:  

linux generally also easier to backup.
in Puppy we just need to copy the savefile...

_________________
Cluster-Pup v.2-Puppy Beowulf Cluster
http://www.murga-linux.com/puppy/viewtopic.php?p=499199#499199
Back to top
View user's profile Send private message 
Bligh

Joined: 08 Jan 2006
Posts: 484
Location: California

PostPosted: Wed 21 Nov 2012, 22:05    Post subject:  

When Win xp came out, I was desperate to find an alternative. I used Lindows/Linspire untit it ended. I still have one install of Linspire and it still runs. I started following Puppy during it's early development. I never checked the box {always trust M$}.
Cheers
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [8 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0579s ][ Queries: 12 (0.0037s) ][ GZIP on ]