(old)Puppy Linux Discussion Forum

@dancytron - you got it right!

@tallboy - no, it does not make any difference. Put it this way - anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised) --- if you use the browser with the same account you login with (root or non-root - doesn't matter).

Best is still to use network programs with account that don't share anything else with your main account; unless you specifically allow it to.

Of course, amigo will then come that *anything* that uses Xorg is doomed anyway ... but that's a different story One can use links browser in a virtual terminal if one is so concerned (but of course, under a different account) ...

If you're really paranoid, in Fatdog you can buy a little more security, you can run the browser under sandbox, under LXC-sandbox, under UML-sandbox, under qemu, under VirtualBox, the list goes on and on. Barry's latest toy (Easy Linux) also have container built-in (similar to sandbox/lxc-sandbox concept).

anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised)

Hmmm... what about unmounted partitions? I have access to mount so can an attacker, in theory?

slavvo67 wrote:

anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised)

Hmmm... what about unmounted partitions? I have access to mount so can an attacker, in theory?

Yes, if that browser is run as root. If your browser is run as non-root, then it can't mount because non-root user cannot mount - again in theory (because there are ways to enable non-root user to perform mount without being asked for password, too).

jamesbond wrote:Put it this way - anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised) --- if you use the browser with the same account you login with (root or non-root - doesn't matter).

Best is still to use network programs with account that don't share anything else with your main account; unless you specifically allow it to.

Thanks, jamesbond, makes sense to me.
Then a question comes in my mind: May I conclude then that all the big Distro's e.g. Ubuntu, Fedora etc.. are insecure when it comes to browsing the network?
I mean these distros all (sort of) force you to have one normal user account to login and to do everything only from that user account (including browsing).

Fred

The largest Linux distribution on the planet (=Android) is doing it; they even go the extreme - every program (networked or not) runs with its own user account. They may know one or two things about security that we don't.

Anyway, it's not about "secure" or "insecure", but it's about "how secure" you want it to be. Security is like an onion. Multiple layers help to reduce problems if any of those layers are broken.

When you run your browser as the same user account as the owner of all your data; then basically you're depending on __that__ browser to guard your data for you. Some people are comfortable with this conclusion, some do not.

That being said, Ubuntu and the other big distro do have an additional layer that we small distros don't have: a ton of people doing just security fixes. As soon as they hear of any CVE advisories, these guys will jump on it, apply the fixes, and release it; and **hopefully** everyone who uses the distro will update to the fixed version. Someone can argue along the line of "what good is an update if my system is already compromised and my password file has been encrypted by ransomware" and I would agree, but the point here is that this is just another layer that can help (if the system isn't compromised yet).

In pre-systemd days, it's quite easy to setup a secondary user account and use it (within the same desktop) to do browsing. It's a bit inconvenient, but it is certainly do-able and some scripting will help a lot. I can't tell whether systemd-based distros actively discourage (or disable) this feature. You can test this yourself if you want.

PS: When I talk about "browser" of course I mean all network programs.

Thanks again JB, clarified a lot for me!

Fred

jamesbond wrote:If you're really paranoid, in Fatdog you can buy a little more security, you can run the browser under sandbox, under LXC-sandbox, under UML-sandbox, under qemu, under VirtualBox, the list goes on and on. Barry's latest toy (Easy Linux) also have container built-in (similar to sandbox/lxc-sandbox concept).

What about running something in screen?

tallboy

musher0 wrote:I think we scared "Emeritus" (the OP) away! (hehe)

I doubt Emeritus has ever used Puppy or was even interested in understanding how it works. Just registered to troll I think.

At least they didn't ask about apt-get

This is Bulldog!

He handles all the Puppy security.

If you try to crack into Puppy, we send him after you.

Yeah, bigpup. Give the man a fair warning.
So he knows what's in store for him.

Real men run as root ? Of course our speedy Puppy Linux make everybody root, that does not mean everybody is able to modify it..
Is you are simply somebody who wants to play with his computer but not with the OS, you can.
Yes you can do more, as root. Beware, you could break a so nice system .
Puppy is really easy to install.. If you don't change the oficial boot process. Look at all posts about install failures, when you change the rules !

I think there might be some confusion here between running a program as root vs running the operating system as root.

To run a program as another user you don't have to log in as another user. You can simply launch another program as a different user than the one logged into the Os. Here are some examples of how one might do this
http://www.pearltrees.com/s243a/startup ... id14245425
http://www.pearltrees.com/s243a/startup ... id14245464

is some systems you can use the sudo command instead of su.

Fatdog64 has a program called gtksu which also might serve this function. Many programs give you command line options to run the program as a different user.

The tor start up script for debian (or ubuntu I forget which) uses
http://manpages.ubuntu.com/manpages/pre ... xec.8.html

to confine tor to to a specific user. This command is from the program called Apparmor. Some people in this form use firejail to sandbox their browsers. If you're really concerned about a specific program than run it in a virtual box. Or one could go to the extreeme and run an Os like qubes-os.

Regarding other distributions, it isn't that they don't run some programs as less privileged users than the one operating the OS; it is that the user might know which programs are ran as a different user and might be overly complacent because they are not logged in as root.

Since puppylinux has fewer programs then most version of linux it is easier to keep track of which privileges that each program has. As a final note; in puppy we don't just need to have the typical three users. Puppylinux actually uses more users. The others are just reserved for specific programs.

On cool thing you can do with the firewall is base your iptables rules on the user that a particular program is running as. The examples for tors seamless proxy do this trick.

To quote Douglas Adams:

"Many were increasingly of the opinion that they'd all made a big mistake coming down from the trees in the first place,
and some said that even the trees had been a bad move, and that no-one should ever have left the oceans."

I suppose had we not left the trees we would be running as Groot.

removed

BarryK is online, it would be nice to see him rip Emeritus and this troll thread to pieces