Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 28 Jul 2017, 03:03
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Announcements
Real men run as root
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 3 [35 Posts]   Goto page: Previous 1, 2, 3 Next
Author Message
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15235
Location: Paradox Realm

PostPosted: Sun 19 Mar 2017, 04:57    Post subject:  

I have always run as root.

If I was a real man I would run Puppy and wearing a kilt. Cool

Puppy are not totally geek but most know the historical difference between root on server and terminals and a savvy root user. That is why Puppys are safe and Gentoo and other big dogs are not. Too much yapping, not enough knowledge. Puppy is an education, not opinion, geek mantras and platitudes . . .

Read the first answer then keep reading for more insight
https://unix.stackexchange.com/questions/46287/when-does-the-puppy-linux-security-model-make-sense

Quote:
Over 30yrs programming in dozens of languages from assembly to Oracle database administration, and I've found nothing more secure and reliable than Puppy Linux.


If you run Puppy in ram loading in from DVD/SD card/USB keydrive and save your data on a separate media, you are in a very robust system.

I am not interested in security but provided GROWL (new version in beta) as a way to placate and educate - just as I am kindly supported and educated by our rottweilers in tin hats (protectors of Puppy).

_________________
YinYana AI Buddhism
Back to top
View user's profile Send private message Visit poster's website 
fredx181


Joined: 11 Dec 2013
Posts: 2255
Location: holland

PostPosted: Sun 19 Mar 2017, 06:34    Post subject:  

Lobster wrote:
Read the first answer then keep reading for more insight
https://unix.stackexchange.com/questions/46287/when-does-the-puppy-linux-security-model-make-sense


Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred

_________________
Dog Linux website

Back to top
View user's profile Send private message 
belham2

Joined: 15 Aug 2016
Posts: 808

PostPosted: Sun 19 Mar 2017, 07:22    Post subject:  

fredx181 wrote:
Lobster wrote:
Read the first answer then keep reading for more insight
https://unix.stackexchange.com/questions/46287/when-does-the-puppy-linux-security-model-make-sense


Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred



Awe, shucks, Fred, here's the most foolproof system: James is always saying to not run network with the same user that has the data. Well, hmmm.......What if a person has NO DATA, as in his head is a blank slate. his brain too, which is reflected in his pup & pup-related uses, then he has no worries. Be Hapskee, he says, life is good. Even if they bio-magically came in thru the keyboard into his brain, they'd find NO DATA there either and would desparately be searching for his wife to find some data of value Smile

.....Of course, I am not saying the above person is me...... Laughing Wink
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 10550
Location: Gatineau (Qc), Canada

PostPosted: Sun 19 Mar 2017, 07:56    Post subject:  

I think we scared "Emeritus" (the OP) away! (hehe)
_________________
musher0
~~~~~~~~~~
« Un insensé sur le trône n'est qu'un singe sur le haut d'un toit. » / "A madman
on the throne is just a monkey on top of a roof." (Bernard de Clervaux)
Back to top
View user's profile Send private message 
drunkjedi


Joined: 24 May 2015
Posts: 684

PostPosted: Sun 19 Mar 2017, 08:59    Post subject:  

Maybe he is just enjoying on sidelines.
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 3051
Location: The Blue Marble

PostPosted: Sun 19 Mar 2017, 10:15    Post subject:  

@dancytron - you got it right!

@tallboy - no, it does not make any difference. Put it this way - anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised) --- if you use the browser with the same account you login with (root or non-root - doesn't matter).

Best is still to use network programs with account that don't share anything else with your main account; unless you specifically allow it to.

Of course, amigo will then come that *anything* that uses Xorg is doomed anyway Laughing ... but that's a different story Smile One can use links browser in a virtual terminal if one is so concerned (but of course, under a different account) ...

If you're really paranoid, in Fatdog you can buy a little more security, you can run the browser under sandbox, under LXC-sandbox, under UML-sandbox, under qemu, under VirtualBox, the list goes on and on. Barry's latest toy (Easy Linux) also have container built-in (similar to sandbox/lxc-sandbox concept).

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
Back to top
View user's profile Send private message 
slavvo67

Joined: 12 Oct 2012
Posts: 1415
Location: The other Mr. 305

PostPosted: Sun 19 Mar 2017, 10:23    Post subject:  

Quote:
anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised)


Hmmm... what about unmounted partitions? I have access to mount so can an attacker, in theory?
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 3051
Location: The Blue Marble

PostPosted: Sun 19 Mar 2017, 12:09    Post subject:  

slavvo67 wrote:
Quote:
anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised)


Hmmm... what about unmounted partitions? I have access to mount so can an attacker, in theory?

Yes, if that browser is run as root. If your browser is run as non-root, then it can't mount because non-root user cannot mount - again in theory (because there are ways to enable non-root user to perform mount without being asked for password, too).

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 2255
Location: holland

PostPosted: Sun 19 Mar 2017, 14:07    Post subject:  

jamesbond wrote:
Put it this way - anything that you can access (not only in savefile, but in mounted partitions, external flash drive if connected, etc) - can be accessed by the browser too (and by extension, by an attacker if the browser is compromised) --- if you use the browser with the same account you login with (root or non-root - doesn't matter).

Best is still to use network programs with account that don't share anything else with your main account; unless you specifically allow it to.


Thanks, jamesbond, makes sense to me.
Then a question comes in my mind: May I conclude then that all the big Distro's e.g. Ubuntu, Fedora etc.. are insecure when it comes to browsing the network?
I mean these distros all (sort of) force you to have one normal user account to login and to do everything only from that user account (including browsing).

Fred

_________________
Dog Linux website

Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 3051
Location: The Blue Marble

PostPosted: Sun 19 Mar 2017, 14:59    Post subject:  

The largest Linux distribution on the planet (=Android) is doing it; they even go the extreme - every program (networked or not) runs with its own user account. They may know one or two things about security that we don't.

Anyway, it's not about "secure" or "insecure", but it's about "how secure" you want it to be. Security is like an onion. Multiple layers help to reduce problems if any of those layers are broken.

When you run your browser as the same user account as the owner of all your data; then basically you're depending on __that__ browser to guard your data for you. Some people are comfortable with this conclusion, some do not.

That being said, Ubuntu and the other big distro do have an additional layer that we small distros don't have: a ton of people doing just security fixes. As soon as they hear of any CVE advisories, these guys will jump on it, apply the fixes, and release it; and **hopefully** everyone who uses the distro will update to the fixed version. Someone can argue along the line of "what good is an update if my system is already compromised and my password file has been encrypted by ransomware" and I would agree, but the point here is that this is just another layer that can help (if the system isn't compromised yet).

In pre-systemd days, it's quite easy to setup a secondary user account and use it (within the same desktop) to do browsing. It's a bit inconvenient, but it is certainly do-able and some scripting will help a lot. I can't tell whether systemd-based distros actively discourage (or disable) this feature. You can test this yourself if you want.

PS: When I talk about "browser" of course I mean all network programs.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 2255
Location: holland

PostPosted: Sun 19 Mar 2017, 16:20    Post subject:  

Thanks again JB, clarified a lot for me!

Fred

_________________
Dog Linux website

Back to top
View user's profile Send private message 
tallboy


Joined: 21 Sep 2010
Posts: 699
Location: Oslo, Norway

PostPosted: Thu 30 Mar 2017, 14:54    Post subject:  

jamesbond wrote:
If you're really paranoid, in Fatdog you can buy a little more security, you can run the browser under sandbox, under LXC-sandbox, under UML-sandbox, under qemu, under VirtualBox, the list goes on and on. Barry's latest toy (Easy Linux) also have container built-in (similar to sandbox/lxc-sandbox concept).


What about running something in screen?

tallboy

_________________
True freedom is a live Puppy on a multisession CD/DVD.
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1196

PostPosted: Thu 30 Mar 2017, 15:51    Post subject:  

musher0 wrote:
I think we scared "Emeritus" (the OP) away! (hehe)

I doubt Emeritus has ever used Puppy or was even interested in understanding how it works. Just registered to troll I think. Sad

At least they didn't ask about apt-get Laughing
Back to top
View user's profile Send private message 
bigpup


Joined: 11 Oct 2009
Posts: 8957
Location: Charleston S.C. USA

PostPosted: Thu 30 Mar 2017, 19:10    Post subject:  

This is Bulldog!

He handles all the Puppy security. Shocked Shocked

If you try to crack into Puppy, we send him after you. Cool
bulldog.jpg
 Description   
 Filesize   10.92 KB
 Viewed   173 Time(s)

bulldog.jpg


_________________
I have found, in trying to help people, that the things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected Shocked
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 10550
Location: Gatineau (Qc), Canada

PostPosted: Thu 30 Mar 2017, 19:44    Post subject:  

Yeah, bigpup. Give the man a fair warning.
So he knows what's in store for him. Twisted Evil

_________________
musher0
~~~~~~~~~~
« Un insensé sur le trône n'est qu'un singe sur le haut d'un toit. » / "A madman
on the throne is just a monkey on top of a roof." (Bernard de Clervaux)
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 3 [35 Posts]   Goto page: Previous 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Announcements
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0907s ][ Queries: 14 (0.0115s) ][ GZIP on ]