Why I don't like running as root (in Puppy)

For discussions about security.
Message
Author
User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#76 Post by Pizzasgood »

The cool thing with Puppy is that you can reinstall in mere minutes. Sure, that doesn't protect your personal data, but that's going to be open to attack even with multi-user (except from other users).

Actually, with Puppy the system files are impossible to edit, unless something specifically targets Puppy and you have a frugal install or a re-writable disk. They're stored in pup_xxx.sfs, which is read-only. When you try editing them, Puppy places a copy in your save-file and masks the original with it, but the original is still there. If you go behind UnionFS's back and delete the copy of the file, the original will re-appear.

So if something compromised your Puppy and left your personal files alone, you could just mount the save-file directly and delete all system files and relavent .wh* files. Then reboot, and the original system files are back.

If it does harm your personal data, just delete the save-file and start over. The personal data would have been harmed anyway, because you'd still have permissions to it.

All that's assuming you maintain a save-file. If you don't, and just run in ram, all you do is reboot and poof! Pristine system. If you use multi-session, just roll back a couple sessions. Simple.


Now, if you have a full-HD install, you're in a different boat. There are times when a full install is preferable, but it loses the majority of Puppy's benefits, especially with regard to security and fast installs.



The biggest reason I see for having true multi-user in Puppy is to protect the user from himself, especially when said user is a kid. Encryption is more effective at protecting data, and multiple save-files is generally good enough for multiple users. But I would welcome a small transparent optional multi-user setup so long as it still auto-logged-in as root like it does now. Just for those rare cases when true multi-user is needed.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

paulsiu
Posts: 187
Joined: Wed 17 Jan 2007, 02:58

#77 Post by paulsiu »

Nice thing about puppy is that everyone can have a personal puppy on a key. No matter how secure a computer is, someone will accidently find a way to wipe out the hard disk. If everyone has their own personal puppy, they can only damage their own copy.

setecio
Posts: 326
Joined: Wed 01 Nov 2006, 12:09
Location: UK

#78 Post by setecio »

Bookmarked.

User avatar
edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA
Contact:

#79 Post by edoc »

paulsiu wrote:Nice thing about puppy is that everyone can have a personal puppy on a key. No matter how secure a computer is, someone will accidently find a way to wipe out the hard disk. If everyone has their own personal puppy, they can only damage their own copy.
What is the current status of Puppy on a USB stick?

Compatibility with a wide range of laptop and desktop hardware?

Is there a list of laptops and desktops which will boot Puppy from
USB?

I have just acquired a used Dell Latitude C400 which did not come with
a CD drive. Should I anticipate being able to boot Puppy from a USB
stick?

I like the idea of my OS and key apps on a 1 or 2G USB stick! Perhaps
a couple of different sticks, each optimized for a different set of apps.
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603

jglen490
Posts: 9
Joined: Sun 09 Mar 2008, 18:25

#80 Post by jglen490 »

Ho-hum.

All the arguments about personal freedom and about being the only user and "I can do whatever I want, because ...".

What is comes down to, is whether you always run as root or run as a non-privileged user most of the time, most of us DO SOMETHING to protect our system or try to not pass on infected files or try to pay attention to security in some way.

I don't run Puppy - for a variety of reasons, most of which have nothing to do with this thread. Anybody who runs any sort of Linux is going to show up as stealthy on Steve Gibson's site. It's the nature of the OS, unless you DO SOMETHING to open yourself up. By the way, that has nothing to do with being, or remaining secure. Just refer to any number of Linux pubs that discuss security and publish security problems with various Linux programs. Yes, these DO get cleared up fairly quickly, but the problems still come back. So it is necessary to DO SOMETHING to stay on top of security.

It has been suggested that you can clear out Trojans, viruses, etc. by rebuilding your backup file periodically. You all know how to do that, I don't, so I won't comment any further on that. So even in Puppy you need to DO SOMETHING to protect your security.

Do any of you run antivirus products in Linux? Do you know that such things exist? "But you can't get a virus in Linux!" Sorry, that's baloney. Two reasons. Linux is not yet a big enough target -- Linux will be some day. The other is that secure usage of Linux involves not only the usual things that "safe computing" means an implies, but also the normally inherent separation of root use and regular user us. By keeping the two separate, successfully attacking a Linux system is more difficult; not impossible, just more difficult. The more difficult it is for the "bad guy" to a) get in and b) severely compromise a system, or your home, or your business, the less likely you will be targeted..

O.K., so you keep all the stuff that's important to you in your $HOME directory anyway. So if someone gets to your user it's gone, anyway. Well, a) you do backup right? and b) if the rest of your system is intact, recovery is simpler - because you do backup right?

Puppy Linux runs in RAM. That's good, so each time you reboot it's like a new install. What about if you just leave your system up for a few hours/days/weeks. You're as vulnerable as anyone else PLUS, you're running as root!!

You do what you need to do, but I rely on my personal Linux system to provide me with a secure and reliable platform to do my daily and other personal tasks. This is not a business system, but because it is personal, I need it to do the "SOMETHINGS" that I do in the best way possible. If I didn't care, and if my Linux system wasn't just that good, I'd be running Windoze in admin mode (like most personal users run it).

User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#81 Post by trapster »

(paranoid)
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#82 Post by Pizzasgood »

O.K., so you keep all the stuff that's important to you in your $HOME directory anyway. So if someone gets to your user it's gone, anyway. Well, a) you do backup right? and b) if the rest of your system is intact, recovery is simpler - because you do backup right?
I use Puppy as a Frugal install. Backup and restoration are so ridiculously easy that jumping through the hoops of limited users would be absurd. Why do all that for the ease of just restoring my home directory, when I could not do all that and then just restore the pup_save.2fs file? Which is actually easier, since I don't have to mount the old pup_save.2fs file to replace the compromised home directory.


The best arguments for multi-user in Puppy that I've seen so far are:
A. Avoiding becoming a zombi
B. Keeping the illiterate from borking themselves very often
C. When you're in an actual multi-user situation and don't want the duplication of having two save files (though you could remaster the duplicated portions into the pup_xxx.sfs file to offset this, but whatever)
D. Running apps that were written by paranoid fascists and thus refuse to run as root


Those reasons are good enough that I'll be making the next version of Pizzapup be multi-user friendly out of the box.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

jglen490
Posts: 9
Joined: Sun 09 Mar 2008, 18:25

#83 Post by jglen490 »

trapster wrote:(paranoid)
No thanks, I only need one noid at a time :roll: .

I understand -- it's a choice. Just responding to the thread and explaining my position. Actually, I'm not at all fearful of what's beyond the walls of my home. It just is so ridiculously easy to use my "normal" user for everything EXCEPT for those things that affect my overall system health. The rest is just normal Linux. Puppy is the exception, not the rule, but Puppy also has a good reputation as an easy to use distro. So press on with whatever distro you want to use.

User avatar
edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA
Contact:

#84 Post by edoc »

I use Puppy as a Frugal install. Backup and restoration are so ridiculously easy that jumping through the hoops of limited users would be absurd. Why do all that for the ease of just restoring my home directory, when I could not do all that and then just restore the pup_save.2fs file? Which is actually easier, since I don't have to mount the old pup_save.2fs file to replace the compromised home directory.
Wish I could run a Frugal Install. 3.01 has a bug of some sort that made booting as Frugal non-functional on two different laptops and one desktop here so they are all Full Installs.

Any word when we will see 3.02 and 4.x/Dingo?
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603

mill0001
Posts: 358
Joined: Thu 01 Feb 2007, 16:30
Location: "People's Republik of Kalifornia"

Running as root

#85 Post by mill0001 »

BarryK, I'm running fresh frugal install of 4.00 with Linux firewall enabled. I just ran Shields up scan a few minutes ago after reading this post and got full stealth results. This puppy is workin good Boss.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#86 Post by 8Geee »

Bruce B said 3 years ago:
When I used to run Windows 9x, I never got infected with a virus or a trojan. I use Windows 9x as an example because it is as if one is 'root' in terms of permissions. In most cases the infection is a user interaction. Not something that just happens. That is one reason why I never got an infection.
I used W98se for 8 years. Finally the 2nd MoBo died last month, and thats it. Never cared for Xp or Vista, and the admin problems there. The web is too complex for 98se: USB sticks are APITA, new builds are moving away from ISO9660 on CD/DVD. I bought an Eee. It also has migrated away from ISO9660, and won't look back.

As a former W98se user, I can verify Bruce's statements. The caveat was always, SpyBot, SpyBlaster, and a Firewall (I chose Sygate 5.6), previous to them, an AV was ESSENTIAL. But NOT after that trio was installed. ==> 2nd edit: Since the root can be secured, I will be using the pupeee version.

1st edit==> after re-reading this thread I have noted one obvious missing point. The reluctance to share if the modem 'pinged when attacked'. I just bought a new all-in-one modem/net/wifi box. Its cheaper than the two separate devices: modem and router. Straight off to grc.com. All the ports are stealthed but the modem pinged when attacked. Bad modem, bad bad modem, no XP for you! And the ASUS Eee has no native suport for a firewall... why? NO IPtables. Bad Eee, bad bad Eee. Kernal rebuild solves tough, but alas I didn't buy it to hack it. Maybe replace it, but not hack around in the dark fixing stuff.

2nd point is related to post 98se Windoze systems. Elevated root privilidges. THAT, is what keeps you busy and behind with M$. Lotsa apps can elevate themselves. Bad M$, bad bad M$.
Last edited by 8Geee on Sat 24 May 2008, 21:13, edited 1 time in total.

User avatar
urban soul
Posts: 273
Joined: Wed 05 Mar 2008, 17:03
Location: "Killing a nerd is not as much fun as ist sounds" B.Simpson
Contact:

#87 Post by urban soul »

I just want to throw in that a compromised system is a compromised system is a compromised system. If you are root or not doesnt matter. If I compromised a user account I will compromise the root account later. Later means there's time to fix it. Thats true.

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#88 Post by SirDuncan »

The problem with people saying that running as root will get you hacked is this:
Most distros give you the ability to run sudo to get root power. If the hacker compromises your unprivileged account, all he/she has to do is type sudo before any nasty command. At that point the hacker has your password, which is what you give when you run sudo.

That means that in that kind of environment the only advantage of an unprivileged account is that it protects the user from the user.

In other words, Puppy is no less secure than, say, Ubuntu because it runs as root. On either system, the hacker needs only to compromise a single account and can then do whatever he/she wants. On Puppy, the hacker cracks root's password and then types "rm -f -r /*". On Ubuntu, the hacker compromises bob's password and then types "sudo rm -f -r /*" followed by bob's password when prompted.

The only small advantage the non-root system has here is that the hacker has to find a user name, whereas the root account name is already known.

Still, I would like to see Puppy gain multiuser power at some point.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#89 Post by 8Geee »

Very good and touche. However, placing a Root name/pass in the mix to access root.might ward off the attacker. Having a default immutable name/pass defeats the purpose. Fortuneately Stephanie over at eeeusers forum was able to come up with a user/pass scheme (and mega-thankyous) for that rather broken distro, and Root can be protected (but see the recent news about the SSL flaw in Debian derived Operating Systems). Is the Root user/pass is mutable here?

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#90 Post by SirDuncan »

8Geee wrote:Is the Root user/pass is mutable here?
If by that you mean "can you change the root user name or password?", the answer is, yes you can change the password. I don't know if you can change the user name. It would be a good idea, though. Changing the name may cause some problems with scripts and such, but it is good security practice.

Personally, I always change the root password. I may forget to do it at first, but I eventually get around to it.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
edoc
Posts: 4729
Joined: Sun 07 Aug 2005, 20:16
Location: Southeast Georgia, USA
Contact:

#91 Post by edoc »

SirDuncan wrote:Personally, I always change the root password. I may forget to do it at first, but I eventually get around to it.
Is that still possible in Puppy 4/Dingo?
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#92 Post by Pizzasgood »

I don't see why not. Just run passwd
Keep in mind that if CUPS asks for the password, you will have to use your new password rather than woofwoof.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#93 Post by SirDuncan »

edoc wrote:Is that still possible in Puppy 4/Dingo?
Absolutely.
Pizzasgood wrote:Just run passwd
Exactly.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#94 Post by Flash »

Anyone could drive a stake through this thread's heart anytime, by actually proving they had a problem which was caused by running Puppy as root. For instance, a computer that was taken over by malware which couldn't have worked if they hadn't been running as root. Until I see proof that it actually caused a problem, I'm not going to worry my pretty little head over running as root. :lol:

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#95 Post by cthisbear »

" Anyone could drive a stake through this thread's heart anytime,
by actually proving they had a problem which was caused
by running Puppy as root. "

Log onto the Whirlpool forum for their grief fest on Puppy.

Reminds me of that old Kinks song.
Paranoia the destroyer .

http://www.youtube.com/watch?v=ZBbAZVw3_7A

Chris.

Post Reply