How secure is Puppy Linux?

[CandyManJ]

Hi,

I guess this has been discussed earlier, but I want to know how secure Puppy is in comparison to other general use distros such as Ubuntu and OpenSUSE. To begin with, I really like the concept of Puppy, and how it works in general, how it uses a squashfs for system files, how it is not a multiuser system, how it has a classic interface but still contains all the software a computer user would need in just ~200MBs ISO file.

But I want to ask about how secure it is especially that:
1- Since root user is being used, what if a hacker could get access of SSH, I know that he can't delete important files as the changes aren't written to the SquashFS system until session end, but he can still read ALL files on the system, when you can limit a user in a multiuser system of the directories he can access.
2- Since software updating is really rare (Not a priority) in Puppy distros, but most minor updates of software are vulnerability fixes that can close exploits in the system, especially when it comes to web browsers.
3- Most Puppy distros use old kernel versions (Such as 3.xx.xx), which may not have features and vulnerablility fixes in later versions.

Though the idea of making the whole system in a SquashFS (Frugal install) is really genius and can be considered a great security enhancement compared to other distros.

[ally]

http://www.murga-linux.com/puppy/viewtopic.php?t=88691

http://archive.org/details/Puppy_Linux_Puli

[perdido]

Look around the forum. How many threads do you see where someones security was compromised?
You will not see much security activity updates posted unless they are at core level, such as the shellshock and heartbleed. as examples.

Generally when some important issue is exposed it is posted in the security forum.

Updates are not pushed to users. Up to the user to decide if needed. Up to the user to connect to the internet. No background activity should
be going on that you are not aware of, unless you have automatic browser updates/etc.

Browser updates are generally mentioned in the Browsers sub-forum. I would recommend to not use firefox I would recommend using the
pale moon browser(this is just me) BTW, pale moon is the default browser in TahrPup. Add the https everywhere and noscript plug-ins and you should be pretty much
secure unless you let the boogie man in.

You can run TOR as a limited user if you are paranoid.

Probably not the info you were looking for but maybe will give you a better feel for whats going on as far as how security is discussed/handled.

There are some mad scientists here are very security aware and will no doubt go as deep into this as you wish.

.

[Robert123]

Some parts a little out of date but still useful.
http://puppylinux.org/wikka/Security
http://www.murga-linux.com/puppy/viewtopic.php?p=633797

[musher0]

Hi CandyManj.

We regulars in this forum have been over this subject so many times, we
should have the info on robocall or similar!!!

As perdido suggested, browse through the Security section of the forum
starting from the end (that's where the most recent threads are stored).

It should answer pretty much any and all of your questions, since a lot of
ground is covered in those threads. If not, just ask here.

One thing I must point out in your OP is that pupsave files are NOT read
only, like the system sfs files are. Pupsave files have a similar structure /
file system inside, but:
-- their name extension is 2fs, 3fs or 4fs;
-- they are read-and-write files; and
-- they are not compressed.

So please make regular back-ups, preferably daily, of your pupsave files
with the utility of your choice. Puppy has lots of archiving / back-up tools,
from making a simple zip archive of it to sophisticated external
safeguarding on a remote support. This way, should something
unfortunate happen, you'd only have lost one day's work.

IHTH. Good luck!

[rufwoof]

The most important element with security ... is to take the opposing view to many and consider nothing as being secure (rather than being over-confident and thinking you're secure). Treat things as though your PC/laptop were openly available (left in the street for anyone to access) and focus on how best to protect your system/data from that. So you might want to encrypt important/personal files, and make sure you have good/regular backups stored elsewhere.

For general use even old/outdated software/browser can be fine. If factory fresh and freshly booted before you go directly to your banks website, rebooting again afterwards - that's far far better than the latest machines that have been used to browse here there and everywhere before and after visiting the bank, where a single penetration at any one time might have resulted in a trojan having been installed.

Browser providers such as Firefox kindly publish vulnerabilities for hackers, who can then monitor for those that haven't upgraded to the fixed versions and exploit those weaknesses. They're more likely however far more interested in potential gain from their efforts and will tend to target high worth systems (servers) or mass usage (Windows). Hardly worth their bother to target a relatively small group of users (Puppy) on a individual basis.

[rufwoof]

Your data/docs/pictures ..etc are most likely the most valuable files for you. Storing them inside the main sfs is not the best of choices as the main sfs is generally accessible/readable even by restricted users (who could copy and inspect the content, even if encrypted (given enough time/resources could be cracked)). Similar in effect to how years ago Unix used to store each user and their ciphered password in /etc/passwd which was world readable. Not great. Nowadays that's been separated out so that encrypted passwords are stored separately in /etc/shadow instead, which isn't world readable.

Some Linux installations use separate system and /home partitions/disks (as commonly docs/pictures etc are stored under /home) with that partially in mind (the other reason is that can help speed the system up).

Operating systems and hardware can easily be replaced, invaluable pictures/data cannot. To reiterate think along the lines of if your system was totally open and the risks that presents to your invaluable data ... and take appropriate protective measures.

[Sylvander]

My horror story:

1. I used to keep my personal files on 2 external [usb connected] HDD's.
I only connected [or powered these on] if/when needed.
I had the idea that I'd make a backup of the 1st HDD holding important personal files like family photos, to the 2nd HDD which held backups etc, BUT...
I had not yet done this when....

2. One day I was making a bootable Flash Drive to include one of BK's offerings.
Decided to use his method using dd to write an image to the Flash Drive.
I'd done this once before, and it was easy and fast, but this time...
a. I made the mistake that:
a1. The 1st external HDD was powered-on.
a2. When I entered the necessary command, I made the mistake of specifying the 1st external HDD [sdb] as the drive to be written to.
a3. Soon as I did it, I realised my error, and stopped the write.
a4. TOO LATE! The [valuable] contents of the HDD could no longer be seen with any file browser.
a5. I was able to recover/copy the files to another HDD, BUT...
The names of the files, and the hierarchical folder system names were what told me all about what the files contained.
Hence...
a6. I now have a whole load of recovered family photos, that I can view, but no date/place/time/who info.
a7. It will be practically impossible for me to remember [or discover] this info.

Does anyone know how it might be done?
If so, just say so and I can start a new thread to cover this.

Is this story about safety rather than security?

[musher0]

Hi Sylvander.

Think EXIF or IPTC. Do those acronyms ring a bell?

Hopefully your camera stored the EXIF/IPTC info inside the picture. If so, all
you need now is a meta data editor to recover that info. Something like
ExifTool.

EXIF info stored is usually time, date, type of camera, perhaps filter used,
and similar.

IHTH

[belham2]

Though the idea of making the whole system in a SquashFS (Frugal install) is really genius and can be considered a great security enhancement compared to other distros.

There are many of us here on murga who believe (some ardently) that the only way any puppy and/or pup-related distro should be run is via "frugal" installs. This is especially true in running that frugal install where any 'saving of the session' is ONLY done at the close (giving you complete control). I follow rufwoof's example (he has a lot of posts on this) on how to set up your pup and how to set up saving (and when & where you save). Lastly, for sensitive stuff online, going the way of small-ball Debian on a USB (or CD/DVD) is best. Debian, whose developers are uber- "naturally" wary of everything, has 100s of eyes, plus tens of 1000s of user eyes, pouring over Debian code fairly frequently. Thus, it is a no-brainer in my eyes. What I mean is that it is not worth it to conduct online anything sensitive you have in your life with any pup-distro and/or related pup-distro and/or any other Linux distro (save for centOS/fedora/SUSE/Ubuntu). For sensitive stuff in your life, stay with the bigs, and especially the ones that are well-maintained with many eyes as possible. Running "root" or "not root" is not really the issue....it pales in comparison of importance overall.

[bigpup]

For bank transactions, access, etc....

If you boot with a Live Puppy CD/DVD, that has been burned so nothing else can be written to it. (Closed burned)

Use the web browser to do nothing but go to
example: a bank web site.

Do whatever you want to do there.

When finished shutdown and power off the Live Puppy.

Do not save.

There is no way anything can be added to Puppy.

Everything was in memory as you used Puppy.
When you shutdown and power off, memory is deleted completely.

By not saving. The next time you boot the live Puppy CD/DVD, it has only the files and programs that are on the CD/DVD.
Because the Live Puppy CD/DVD was burned closed.
Nothing can be saved to it, so no way of anything accidentally getting on the CD/DVD.

[musher0]

Hi belham3.

While it is true that running "root" or "not-root" is NOT the issue, I fail to see why
running a "big" distro would be safer than running a "humble" Puppy.

Right off the bat, I see some pretty nifty security features you can implement in
your Puppy:

-- As rufwoof mentioned a couple of posts above, he has evolved what I'd call "a
system of safety" through organization of various sfs's.

-- Regular and easy back-ups of your pupsave files.

-- As you yourself mentioned just now, some frugal users are set up to optionally
save at boot-down only.

-- As I mentioned in a previous thread, the user can reduce the permissions in the
"bin" directories to "700" (read-write-execute for user only), adding a layer of
protection for you, and a complication for any kiddo who wants to infiltrate your rig.
The reasoning behind this simple procedure being that a file unseen or unchangeable
by an outsider cannot be attacked.

-- There's also the "Growl Suite" by our forum colleague lobster, the installation of
which should be a must on all Puppies. With it you can do numerous safety tests.

-- Finally, as perdido mentioned above, you can install and run the TOR browser on
a Puppy as well as on any of the "bigs".

IMO, if you apply all of the above measures in your Puppy, your computing will be
as safe as it would using one of the bigger distros -- if not safer.

My 2¢. BFN.

[belham2]

Hi belham3.

While it is true that running "root" or "not-root" is NOT the issue, I fail to see why
running a "big" distro would be safer than running a "humble" Puppy.

Right off the bat, I see some pretty nifty security features you can implement in
your Puppy:

-- As rufwoof mentioned a couple of posts above, he has evolved what I'd call "a
system of safety" through organization of various sfs's.

-- Regular and easy back-ups of your pupsave files.

-- As you yourself mentioned just now, some frugal users are set up to optionally
save at boot-down only.

-- As I mentioned in a previous thread, the user can reduce the permissions in the
"bin" directories to "700" (read-write-execute for user only), adding a layer of
protection for you, and a complication for any kiddo who wants to infiltrate your rig.
The reasoning behind this simple procedure being that a file unseen or unchangeable
by an outsider cannot be attacked.

-- There's also the "Growl Suite" by our forum colleague lobster, the installation of
which should be a must on all Puppies. With it you can do numerous safety tests.

-- Finally, as perdido mentioned above, you can install and run the TOR browser on
a Puppy as well as on any of the "bigs".

IMO, if you apply all of the above measures in your Puppy, your computing will be
as safe as it would using one of the bigger distros -- if not safer.

My 2¢. BFN.

Haha, my friend, everything you wrote is "TRUE", for people like you and me. But it is definitely not true or even remotely applies to the 99.999% of all users out there. Sometimes being a developer, you forget how people just want to "turn it on", and "get on with it".

They do not want to fuss, muss, and obsessively lord over nearly every detail that people like you and me think a) is fun, and b) is no problem at all. I've gotten many members of my somewhat large family (and extended family), plus friends, to use various puppies, and when I go back to check on them weeks later, I am horrified to see that they've done NOTHING that I told them to. The common refrain is: 1) I don't have time, and b) it is too damn hard (which, in all honesty, Musher, it is for those 99.9999% people).

Rufwoof (and others, like me) have been saying it for a long time now....stick to the slim-downed version of the monster Debian, and set it up like he says (which he details well, and others have written elsewhere on the net about this), when doing uber-personal-sensitive stuff online.

The numbers of people looking into Debian code, vetting and testing it, is way more than puppy ever will achieve. You, me and we can all argue and defend the puppy universe all we want. But the fact and matter of the Law of Large Numbers applies here: we (pups) are a small solar system, hell, maybe not even registering as a small solar system but instead a planet or possibly small moon, when compared to the galaxy-sized of Debian (or Fedora or Ubuntu) and its developers & users (in the corporate world too) using & checking it out closely.


My point is NOT in the details, Mushers. My point is for you, me and everyone to lift our heads out of our very small world, and consider the vast majority of internet users out there, their behaviors and such. They wouldn't even know what a script is if it hit them in the face, or even a .config file, or a .desktop file, and on and on. Additionally, too many variations and splintering of pups over the years has made it impossible to vet each and every one of them that they don't have something bad in them from the get go. It just is not possible, and to argue otherwise is to be foolish. Thus, for most users who can't dive into everything and all they want is the better % chance to be safe overall online with their sensitive info, then follow this simple analogy: if they want to stay warm, stick to that yellow glob in the sky called the sun (debian/fedora) and ignore the small birthday candle (pups) they can pull out of someone's pocket.

But of course, for people like you and me (and most anyone who posts here), we LOVE birthday candles and trying to burn them like they are nuclear furnaces, haha

[rufwoof]

While it is true that running "root" or "not-root" is NOT the issue, I fail to see why running a "big" distro would be safer than running a "humble" Puppy.

Access the account you use to browse the internet with, or send/receive mail with. Browse around what that account can see/do ... and if you perceive that to be ok, something that you wouldn't mind anyone else seeing/doing then you're fine. If Firefox or whoever mess up and a easy breakout is released or apparent, then it wouldn't matter.

Likely however you wouldn't be happy for that open access. Unlike conventional Puppy, DebianDog and XenialDog support true multi-user. From the offset they're configured (alternatives/additional accounts can easily be set up) so you can log in as either root or puppy (passwords default to the same as their user names). Currently the defaults for both are not the best of choices IMO, userid Puppy for instance shouldn't be in sudoers group nor should Puppy userid be able to su (which you can change in /etc/pam.d/su). I think it shouldn't also be a member of group wheel either ...etc. When set up more as a restricted shell then you can use Puppy userid to do all online stuff, and use user root for everything else, including storing your personal files/data in a folder that user Puppy can't see into.

As per a usual true multi-user system you can switch between sessions/terminal using the Ctrl-Alt-Fn key combination (where different terminal sessions appear for each one (IIRC F1 is already in use by X, F2 is perhaps where root login is (in Debian its F7) ..etc)).

Personally I don't log into a gui with root at all and have a userid of user that I use instead i.e. escalated privileges set for that - so pretty much getting on for being like a root account anyway. I use that for admin and secure storage of personal files/data. For more general use I have another user account ... a bit like Puppy userid, that is assigned to a restricted shell (rbash), has no sudo nor su and is a member of its own single group i.e. belongs to 'others' when setting file/folder permissions (some like to use numerical permission setting, I tend to use chmod o-wrx type format i.e.change others to not have write, read or execute permissions on a particular file or folder; chmod o+r gives read permission to 'others' ...etc).

If you don't like what user Puppy (or whatever) can do/see, then change your set up until you're more comfortable ... and if anyone does manage to break out of your browser to command level that's the limit of their access as well.

Standard Puppies IIRC are much less secure in that respect, Fido and Spot never really got set up correctly I believe. The early documentation for those suggested that normal users in other non-puppy systems could just sudo anyway without a password, but that is wrong ... at least unless its intentionally set up that way.

Mostly I log in as Puppy type user as once the system is pretty much set up as you like you don't need to be changing things. I use that for all access to the internet/web and avoid any internet access when logged in as User ... other than banking (fresh browser with no extensions etc. only go to the banks web site etc. If I'm doing some office type work, perhaps a spreadsheet of personal data, then I'll be logged in as User to do that, but may perhaps flip (Ctrl-Alt-Fn) to the Puppy session to look things up using Firefox ...etc. User can access any copies of text/files that Puppy downloads anyway (User can read Puppy folder, but not the other way around).

I'm more in the camp that not running as root is a good thing for general usage. The big distros also tend to have their file permissions more refined and/or have security more utmost in mind compared to Puppy Linux.

[8Geee]

Have to give bigpup a big +1. Running Puppy on CD or DVD Live without re-write and without save is a fine and simple answer. Casual surfing and/or banking is well served. Dodgy sites like facebook, yahoo anything, twitter, etc will work fine if the Browser within Puppy is reletively new. So if FF27 doesn't make it, FF45.8esr will be a better alternative. Considering there are still 32bit devices, older stuff gets a breath of new life.

My own personal experience is no twitter, no facebook, no google, no problem for FF27 with TLS1.2 security in the browser. Everything else can use FF45.8esr. /MHO

8Geee

[Reneetje]

This is interesting.
If you think you have the safest OS in the world, you can still go to the wrong place.
https://www.арр

[musher0]

Belham2, you're undoubtedly a kill-joy!

rufwoof, I'm not sure yet !!!

[rufwoof]

rufwoof, I'm not sure yet !!!

http://distro.ibiblio.org/fatdog/web/faqs/login.html

[davids45]

G'day,

I thought I'd post links to a couple of old pages discussing Puppy internet/network security - I assume this is the definition of 'secure' in the first post in this thread.

https://unix.stackexchange.com/question ... make-sense

http://barryk.org/puppylinux/technical/root.htm

The 'proof of this pudding' remains in the 'eating', or in security terms, lack of any Puppy being eaten.

Happy browsing.

David S.