Why I don't like running as root (in Puppy)

For discussions about security.
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#46 Post by BarryK »

Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#47 Post by jmarsden »

This post is probably overkill, but:
BarryK wrote:Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick

Code: Select all

# netstat -nl --inet
on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :-) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to

Code: Select all

# netstat -na -f inet
but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan
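As an added example (not code from the thread), here is a small POSIX sh filter that turns either form of netstat output into a list of sockets actually reachable from the network: it handles the Linux listing (listeners only) and the BSD listing, where established connections have to be dropped by keeping only the LISTEN state. The two sample listings are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not from the thread: list sockets reachable from beyond the
# loopback interface, i.e. the listeners that are actually worth firewalling.
# Input is netstat text on stdin, either the Linux form (netstat -nl --inet,
# listeners only) or the BSD form (netstat -na -f inet, which also shows
# established connections, so TCP rows are kept only in the LISTEN state).

exposed_listeners() {
    awk '
        # data rows start with a protocol name; anything else is a header
        $1 !~ /^(tcp|udp)/ { next }
        # BSD -na output mixes in ESTABLISHED rows: keep TCP listeners only
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        # loopback-bound sockets are not reachable from the network
        $4 ~ /^127\./ { next }
        { print $1, $4 }
    '
}

# Number of exposed listeners in the netstat text passed as $1.
count_exposed() {
    printf '%s\n' "$1" | exposed_listeners | wc -l | tr -d ' '
}

# Constructed sample of `netstat -nl --inet` on a Linux box (not real output).
LINUX_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Constructed sample of `netstat -na -f inet` on a BSD box (not real output).
BSD_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.5.49152      203.0.113.7.80         ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
udp4       0      0  *.514                  *.*'

echo "Linux sample:"; printf '%s\n' "$LINUX_SAMPLE" | exposed_listeners
echo "BSD sample:";   printf '%s\n' "$BSD_SAMPLE"   | exposed_listeners
```

On a real machine, pipe the live command into the filter, e.g. `netstat -nl --inet | exposed_listeners`; an empty result means there is nothing for a port scan to find in the first place.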

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#48 Post by GuestToo »

i don't think a router or modem should have a telnet port open either

the thing is, a router or modem is usually a little computer, with a cpu and ram and flash memory instead of a hard drive ... or it might have a hard drive ... so it is potentially as vulnerable as a computer is ... if a cracker can hack into your router, he can potentially gain full access to all the machines on your network

though why a router/modem would be running a web server or ftp server i don't know ... that is why i wondered if it was another computer on your network with the open ports

my grc test results

i don't really care about "stealth" ... closed ports are good enough for me ... though i have noticed that when you run completely "stealthed", there does seem to be a little less traffic trying to worm into your system

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#49 Post by GuestToo »

by the way, the forum seems to imply that i started this thread Why I like running as root (in Puppy)

i did not ... i do not like running as root at all

the reason my name is attached to the thread is because the thread was moved, and it probably used my name because i was the last one that posted to the thread before it was moved

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#50 Post by jmarsden »

GuestToo wrote:though why a router/modem would be running a web server or ftp server i don't know ...
Well, most consumer routers use a web server to provide their easy-to-use administration interface. By default they only serve web pages on their internal (LAN) interface, but often you can enable the web service (either http or https or both) on the external (WAN) side too if you so choose. It does sound as though this particular router may not be configured optimally, and I'd definitely encourage BarryK to let his friend know of this, and (if necessary) suggest that his friend seeks help in getting it more securely configured.

Jonathan

muskrat
Posts: 24
Joined: Sun 03 Jul 2005, 17:46
Location: Gulf Coast TX-MX

#51 Post by muskrat »

Ok, I see your logic, and agree somewhat with what you're saying about root not being any worse a danger than a normal user. Except for some programs such as Xchat.

In Windows you can issue a command in chat and crash all Windows systems on that channel. Now if I'm running as root, is it possible to run commands that will affect me as root reading these bits of script with a chat program?

As you said, your personal data is what's important, because Puppy is protected on CD, but let's say I get compromised, just for argument's sake. Is my pup001 file then contaminated?
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#52 Post by Flash »

muskrat wrote:... lets say I get compromised, just for aguements sake. Is my pup001 file then contaminated?
If you are running Puppy from the live CD, the hard drive is the only thing that could be contaminated. Probably the contamination would be limited to the pup001 file, but as far as I can see there is nothing stopping Puppy from writing to the hard drive outside the pup001 file. In that case it would most likely just screw up your hard drive rather than install a rootkit or something like that, which would require the attacker to have intimate knowledge of your OS and configuration. I think.

It seems to me that the best solution is to back up your pup001 file, or at least the bits that are important to you, in an isolated repository on a regular schedule. And always wear your mittens.

muskrat
Posts: 24
Joined: Sun 03 Jul 2005, 17:46
Location: Gulf Coast TX-MX

#53 Post by muskrat »

Ok, here's the humdinger then: my pup002 file is in the home directory/partition of a dual install of Slackware and Debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#54 Post by GuestToo »

a rootkit would allow people to connect to your operating system as user "root", which would enable them to do anything that you can do (look at any of your files, delete files, change files, reconfigure anything, install programs, install keyloggers, install password sniffers, download, upload, surf to web sites, etc etc) ... they would probably be doing this from a text console, but it's also possible for them to see what you are seeing on the screen

a rootkit not only sets up your system so they can connect to it, it changes some of the system files so you don't notice anyone is connected ... it might change ls so you don't see the rootkit files, it might change md5sum so you don't know that certain files have been changed, ps and top so you don't see the rootkit programs running, ifconfig and netstat so you don't see that they are connected to you ... etc etc

one advantage to running Puppy, is that any changes to /bin, /sbin, /lib will be gone when you reboot ... and any changes to /usr will be visible if you look in /root/.usr (unless you have an option 2 install, in which case, you don't have most of the advantages of running Puppy anyway)

if you have a rootkit, anyone can use your operating system to mount/unmount any drives they like, snoop in them, install rootkits on those drives if they like
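As an added example (not code from the thread): the trojaned ls/md5sum/ps problem described above is why integrity checking only works against a baseline taken from binaries you trust, which on Puppy means the /bin, /sbin and /lib loaded fresh from the CD. This POSIX sh script compares such a baseline manifest with a current one and reports modified, added and removed files; both manifests are constructed sample data with made-up hashes.

```shell
#!/bin/sh
# Added example, not from the thread: compare a trusted checksum manifest of
# system binaries against a freshly generated one and report what changed.
# The baseline has to come from binaries you trust (on Puppy, /bin, /sbin and
# /lib as loaded from the CD right after a reboot), since a rootkit that swaps
# out ls or md5sum can make the running system lie about its own files.
# Manifests use the `md5sum` line format: "<hash>  <path>".

# $1 = baseline manifest file, $2 = current manifest file.
manifest_diff() {
    awk '
        # first file: remember the trusted hash for every path
        FNR == NR { base[$2] = $1; next }
        # second file: anything new or with a different hash is suspicious
        {
            if (!($2 in base))        print "added   " $2
            else if (base[$2] != $1)  print "changed " $2
            seen[$2] = 1
        }
        # baseline paths missing from the current manifest
        END { for (p in base) if (!(p in seen)) print "removed " p }
    ' "$1" "$2" | sort
}

# Constructed sample manifests (hash values are made up, not real checksums).
BASELINE='0123456789abcdef0123456789abcdef  /bin/ls
1123456789abcdef0123456789abcdef  /bin/ps
2123456789abcdef0123456789abcdef  /sbin/ifconfig
3123456789abcdef0123456789abcdef  /usr/bin/md5sum'

CURRENT_MANIFEST='0123456789abcdef0123456789abcdef  /bin/ls
ffffffffffffffffffffffffffffffff  /bin/ps
2123456789abcdef0123456789abcdef  /sbin/ifconfig
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee  /usr/lib/.hidden/sniff'

# Writes the samples to temporary files, diffs them and prints the report.
run_sample_check() {
    b=$(mktemp) && c=$(mktemp) || return 1
    printf '%s\n' "$BASELINE" > "$b"
    printf '%s\n' "$CURRENT_MANIFEST" > "$c"
    manifest_diff "$b" "$c"
    rm -f "$b" "$c"
}

run_sample_check
```

A real baseline is produced from the freshly booted CD with something like `find /bin /sbin /lib -type f | xargs md5sum > baseline.md5`, kept on read-only media, and compared later using the md5sum from the CD rather than the one on the running system.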

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#55 Post by Flash »

muskrat wrote:Ok, here's the humdinger then: my pup002 file is in the home directory/partition of a dual install of Slackware and Debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?
I only run puppy from the live CD. I have a dual-boot computer with Windows 2000(NTFS)/Mandrake Linux(ext3) on the hard drive. The Puppy live CD sees the Mandrake ext3 Home partition and puts the pupxxx file there. As far as I can tell, Puppy has never written anything anywhere else to the hard drive except the pup001 file. The "Only Possible Screwup" :lol: that I can see is if you try to enlarge the pup001 file when there's not enough room in the partition. For all I know, even that possibility is accounted for. I've enlarged my pup001 file to about 2 GB with no problems.

muskrat
Posts: 24
Joined: Sun 03 Jul 2005, 17:46
Location: Gulf Coast TX-MX

#56 Post by muskrat »

So I guess in all reality it's not a good idea to run Puppy as root with a drive you value that has another Linux installation on it. It could be compromised along with Puppy. Even though Puppy reboots and all is well, your native Linux might not be.

Is there any way to convert Puppy to using a normal user, and su to do root, just like a native install of Linux?

Or, an afterthought: could I remove the root and boot partitions from my Puppy fstab file? Would that help in making them unseen/inaccessible? Kind of out of sight, out of mind.

I like Puppy and would like to experiment some more with it. But I really don't like the idea of rootkits getting placed in my native installations.
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#57 Post by GuestToo »

It could be compromised along with puppy
well, the potential is there

you can run X as user "spot" ... it isn't hard to do, though there are problems, like permissions, and mounting/unmounting and accessing drives, etc etc

running as spot would not prevent someone logging onto your system as root ... if he could do it when you run as root, he can do it when you run as spot
really don't like the idea of rootkits getting placed in my native installations
it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy

i run Puppy most of the time, and i don't feel really unsafe

muskrat
Posts: 24
Joined: Sun 03 Jul 2005, 17:46
Location: Gulf Coast TX-MX

#58 Post by muskrat »

I'm not paranoid, I just believe internet security is up to each individual. It's also an ongoing campaign.
it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy
Maybe somebody ought to build a hardened version of Puppy, especially since it runs as root all the time. Since I'm running just a desktop with no local network, I don't believe I'm much of an attraction for hackers. But like you said, no computer is hack proof, some are just harder than others.

I've also found the harder your system is, the more difficult it is to use. Puppy is easy to use because it doesn't restrict the user: he can mount, unmount, change system config files and any other items normally only root is allowed to do.

To be totally honest, since I've gone to Linux 100% for my personal use I've relaxed somewhat about security. My wife still uses Windoze, and it's a never ending battle keeping out intruders. Even with firewalls and a wad full of anti-software, they still get in and trash the system every couple of months or so.
Steve (Muskrat) McMullen
http://www.muskratsweb.com
Registered Linux User #305785

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#59 Post by Lobster »

muskrat wrote: To be totally honest, since I've gone to Linux 100% for my personal use I've relaxed somewhat about security. My wife still uses Windoze, and it's a never ending battle keeping out intruders. Even with firewalls and a wad full of anti-software, they still get in and trash the system every couple of months or so.
Very interesting what you say Steve,

I too have relaxed. I had to be so vigilant (I did not use a virus protection package in Windoesn't - just care). Virus protection in my view is more of a menace than most viruses I have encountered. However key loggers and trojans and phishers and all sorts are rife on Windows - it is the main reason I changed - I was losing the battle.

Running from CD is so hot! (or is that cool) - Programs are safe. What about the data?
I get my data onto the web as soon as possible - let some server with BSD and all sorts, protect my data. All my secret data (mostly secret fish sauce recipes) is probably of little interest - though Tux has expressed an interest . . . he likes fish too . . .
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

ezeze5000
Posts: 347
Joined: Tue 10 May 2005, 17:48
Location: Missouri U.S.A

#60 Post by ezeze5000 »

jmarsden wrote:This post is probably overkill, but:
BarryK wrote:Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick

Code: Select all

# netstat -nl --inet
on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :-) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to

Code: Select all

# netstat -na -f inet
but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan
I tried this code on my puppy:

Code: Select all

# netsat -na -f inet

But it worked better this way:

Code: Select all

#netsat -na -F inet

I got a good readout with this.

am I correct?

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

in principle better

#61 Post by Lobster »

or better still

Code: Select all

#netstat -na -F inet
:oops: ('t' missing) but in principle better
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Guest

#62 Post by Guest »

According to this, (second entry; WMF vulnerability) running as a user with limited NTFS rights doesn't prevent execution of malware. I don't really understand the explanation though.

wayover13
Posts: 4
Joined: Mon 27 Feb 2006, 18:31

#63 Post by wayover13 »

This discussion seems to sort of miss an essential point (the poster observes, not having read the whole thread). Sure, someone should be able to operate as root on their own computer. Just as someone can drive their own car however they want, shoot their own gun, etc. Of course it should be borne in mind that people are expected to demonstrate a certain degree of mastery in those things before they can legally do them, and so a person running as root should have a certain degree of mastery (read: solid knowledge of how their computer works and, especially if they are on a network, what the vulnerabilities and dangers are). But again, this is a bit beside the point. The problem with Puppy is not that it runs as root by default: it obviously does that just fine. The problem is there is no way for users who do not want to run as root to do so: just as someone should be able to run as root if they choose (and hopefully they will have the necessary understanding to do so safely), so the user should have the choice of not running as root. The problem here is that Puppy provides no easy and effective way of doing so. That is a shortcoming of the distro, no matter how you cut it: it should be there for those who want it. The question of whether you should be "allowed" as a matter of principle to run as root is rather irrelevant to answering to the fact that Puppy has no easy and effective way to set up non-root users. Is any work being done on this?

James

flavour
Posts: 125
Joined: Thu 08 Sep 2005, 20:26
Location: Bicester, UK

#64 Post by flavour »

the user should have the choice of not running as root. The problem here is that Puppy provides no easy and effective way of doing so. That is a shortcoming of the distro, no matter how you cut it: it should be there for those who want it. The question of whether you should be "allowed" as a matter of principle to run as root is rather irrelevant to answering to the fact that Puppy has no easy and effective way to set up non-root users.
This sums it up perfectly for me :)
Whilst many (or even most) users are happy with the current approach, there are many others who would really like to widen the Puppy audience, but need RunAsNonRoot to be in-place first.
Is any work being done on this?
I am little by little & some of this is being passed upstream into the main distro (e.g. it now includes sudo by default)

This, I believe, is how to start tackling it - fix the little errors in the system scripts which hardcode /root instead of $HOME
Include this in the guidelines on 3rd party packages.
Then get an option in the Universal Installer to RunAsNonRoot.
- liveCD can be left as-is (to not annoy those that like the current system), but an *option* in the installed versions (where it matters more)

Would be *great* to see this in the first release of Puppy2 :)

F

flavour
Posts: 125
Joined: Thu 08 Sep 2005, 20:26
Location: Bicester, UK

#65 Post by flavour »

My work-in-progress HowTo is here:
http://wiki.inveneo.org/index.php/RunAsNonRoot

I got quite far in 1.07 but got stumped by SegFaults which I didn't manage to track down (happened just after running xorgwizard - whether selecting xvesa or xorg).

I will try again with 1.08 & be more persistent with tracking down the source of any SegFaults by putting debug statements into various possible files:
.xinitrc
xwin
xrdb -merge -nocpp ~/.Xresources
/usr/bin/autocutsel

F
