(old)Puppy Linux Discussion Forum

Is Puppy still run as root?
There is a report on Gentoo forums about successful break-in into a computer ran as root.
Methinks the times when Linux was relatively secure to be run as root are over, for good.

Hello Emeritus.

Oh, I think in this forum we've been touching on this subject every 28
days. It's like PMS, IMO. Now it's your turn to have cramps...

Do a search with the forum search engine, the answers to your question
are already there.

As former member and Puppy developer gposil once said (or something
like it), about six years ago:

"If you think running Puppy as root is a risk,
don't use it."

Regards nevertheless.

I've actually started moving my browsers to Spot. Why? Eh, why not?

It's there... it has no noticeable negative affect and those pesky Chromium, Chrome, Iron, etc. sandbox issues seemed to go away....

Not afraid of running Root but I'm pretty happy with my browsers running via Spot.

Yes I think running as root is a risk. And this risk is increasing. The Gentoo computer that got owned wasn't taken over by a Windows virus. It was a piece of badware targeting Linux systems and it successfully encrypted user files.
The world is changing and IMHO you are hiding your head in the sand.

Got link to that break in report?

All my important items are backed-up in 3 places, so I have little concern for such but I'm careful where I go and what I add to my machines.

Emeritus wrote:...The Gentoo computer that got owned wasn't taken over by a Windows virus. It was a piece of badware targeting Linux systems and it successfully encrypted user files....

Was this Gentoo computer that got broken into running as root? That's what we're discussing here.

It's here discussed, I guess:
https://forums.gentoo.org/viewtopic-p-8 ... 5e54e25294

Caused by browsing the net as root or...

Fred

Having moved over from DebianDog to a more pure form of Debian frugal ... and it was a right PIA at first. Kept hitting permissions failures after making edits - 'annoying' to put it politely.

After a while however and it became second nature. Clickable link/icon to open a root terminal. Right click option in PCmanFM to open as root. All the rest run under 'user'.

Some programs such as VLC, Pulse Audio ...etc. don't like to be run as root. You can fix that, at least for VLC with a relatively simple edit however. Many of the weaknesses of running as root equate to the risk of a local escalation of 'privileges risk' ... but if you can already easily access root anyway and just use your box as a single user box, those risks are immaterial.

Running a browser as user is a good idea IMO. As the browser is the more likely point of entry/weakness. Puppy (or other frugal boot alternatives such as the Debian frugal I run) that can be shutdown with no saving of changes however is a barrier to deeper level breaches/trojans. Such that one of Puppy's weaknesses (if you want to consider running as root as being such), is offset by one of its strengths (frugally booted).

Most importantly is **don't** run network programs with the same user account that keeps your data.

Explanations here: http://distro.ibiblio.org/fatdog/web/faqs/login.html.

jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.

Including wine network programs (wine-HQ recommend not to run wine as root at all).

jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.

Do I understand well?:
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?

Fred

I have always been root. But I guess running live with no savefile put me in a different league...

fredx181 wrote:

jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.

Do I understand well?:
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?

Fred

From reading Jamesbond's posts in the past, I think his point is that no matter what user you are running as, for maximum security, you should browse as a different user.

So if you are running as a normal user, you should still use a different user to browse, since even if your normal user doesn't have root access it still has access to your data and your data is what is important.

Hopefully he'll correct me if I've completely misunderstood him.

About root, spot and fido
http://barryk.org/puppylinux/technical/root.htm

I have always run as root.

If I was a real man I would run Puppy and wearing a kilt.

Puppy are not totally geek but most know the historical difference between root on server and terminals and a savvy root user. That is why Puppys are safe and Gentoo and other big dogs are not. Too much yapping, not enough knowledge. Puppy is an education, not opinion, geek mantras and platitudes . . .

Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense

Over 30yrs programming in dozens of languages from assembly to Oracle database administration, and I've found nothing more secure and reliable than Puppy Linux.

If you run Puppy in ram loading in from DVD/SD card/USB keydrive and save your data on a separate media, you are in a very robust system.

I am not interested in security but provided GROWL (new version in beta) as a way to placate and educate - just as I am kindly supported and educated by our rottweilers in tin hats (protectors of Puppy).

Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense

Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred

fredx181 wrote:

Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense

Lots of different opinions there and e.g. depends on.. etc..
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.

Fred

Awe, shucks, Fred, here's the most foolproof system: James is always saying to not run network with the same user that has the data. Well, hmmm.......What if a person has NO DATA, as in his head is a blank slate. his brain too, which is reflected in his pup & pup-related uses, then he has no worries. Be Hapskee, he says, life is good. Even if they bio-magically came in thru the keyboard into his brain, they'd find NO DATA there either and would desparately be searching for his wife to find some data of value

.....Of course, I am not saying the above person is me......

I think we scared "Emeritus" (the OP) away! (hehe)

Maybe he is just enjoying on sidelines.