Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 28 Nov 2014, 22:27
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Security - running as root
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Author Message
tronkel


Joined: 30 Sep 2005
Posts: 1104
Location: Vienna Austria

PostPosted: Tue 20 Oct 2009, 10:04    Post subject:  Security - running as root  

The australian police are advising people who use their computer for on-line banking to use a live CD and mention amongst other distros, Puppy Linux. This has been widely reported recently.

Thing is, Puppy always runs as root and therefore could still be vulnerable to hidden downloaded executables that could read and subsequently re-transmit any sensitive data such as passwords that are resident in RAM during the on-line session.

In order to close down this possibility, it would be better to at least have the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.

Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version.

_________________
Life is too short to spend it in front of a computer
Back to top
View user's profile Send private message Visit poster's website AIM Address 
MU


Joined: 24 Aug 2005
Posts: 13644
Location: Karlsruhe, Germany

PostPosted: Tue 20 Oct 2009, 18:36    Post subject:  

You may use such a script:
/usr/local/bin/seamonkeyspot

Code:
#!/bin/bash

su spot -c seamonkey


make it executable:
chmod 755 /usr/local/bin/seamonkeyspot

Then add it to the desktop.
This runs seamonkey as spot.
Works in newyearspup, in Puppy 3 I used a more complicated method:
http://www.murga-linux.com/puppy/viewtopic.php?t=28014

Mark

_________________
my recommended links
Back to top
View user's profile Send private message Visit poster's website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 21 Oct 2009, 00:42    Post subject:  

Been there, done that. Built the Puppy, made a revision, wrote lots of documentation.... No t-shirt though Sad
Multiuser Puppy
It doesn't come with a limited user already installed though (well, there is spot, but he isn't configured any differently from in the standard Puppy, so you would probably prefer to create a limited user to use, who would then have a normal desktop). You have to boot once as root, add other users, remember to change your password, disable the autologin, and then reboot. The reason I did it that way is to make it transparent, so that the rest of us who like being root don't notice any change. That way it would be easier for a developer to slip this into an official Puppy without causing riots. Laughing People are free to remaster it into a version that has different defaults if they want a version that comes preset to be used with pfix=ram or whatever.



But the nice thing about MU's method rather than actually running completely as the user is that if only Seamonkey is spot, then if Seamonkey is compromised, it can only modify things spot can modify, which is nearly nothing outside of the /root/spot/ directory. On the other hand, if you were logged in as a limited user named tronkel, and just running Seamonkey normally (so that it was also running as tronkel), then if Seamonkey were compromised, it would be able to modify anything that tronkel can modify.

In a purely ram situation, where there is no preserved data at all, there isn't as big of a difference since tronkel wouldn't have much data around anyway, and still wouldn't be allowed to modify system files. But for an installation where data is preserved, tronkel will presumably have all his personal data stored owned or at least readable by the tronkel user, so that he can read it without jumping through hoops. In that case, being a limited user does not protect you at all from a privacy standpoint if your browser is compromised, since it has the same permissions you do.

So to be really paranoid you would want to run as a limited user, but then run your browser as a different (and even more limited) user. This could probably be done fairly painlessly with sudo so that you wouldn't have to input a password just to run the browser as user "browser", but could still have the browser user password protected from the other users (in case you have multiple people involved, or in case you want to isolate other applications too, like IRC or email, and don't want them to be able to read eachother's data).

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
tronkel


Joined: 30 Sep 2005
Posts: 1104
Location: Vienna Austria

PostPosted: Wed 21 Oct 2009, 15:04    Post subject:  

MU wrote:
Quote:
You may use such a script:
/usr/local/bin/seamonkeyspot

Code:
#!/bin/bash

su spot -c seamonkey


Running this returns:
Quote:
su: chdir(/): Permission denied


even if I chmod to 755.

This might be to do do with the fact that I'm running this in Puppy 4.3.1

What's wrong here I wonder.

_________________
Life is too short to spend it in front of a computer
Back to top
View user's profile Send private message Visit poster's website AIM Address 
MU


Joined: 24 Aug 2005
Posts: 13644
Location: Karlsruhe, Germany

PostPosted: Wed 21 Oct 2009, 19:00    Post subject:  

not certain, must test it on my own in Puppy 4.3 tomorrow.
It cannot change to a directory because of wrong permissions.
Might be wrong permissions for /tmp

Try this command:
chmod 777 /tmp

In newyearspup this is set by default.

Mark

_________________
my recommended links
Back to top
View user's profile Send private message Visit poster's website 
MU


Joined: 24 Aug 2005
Posts: 13644
Location: Karlsruhe, Germany

PostPosted: Wed 21 Oct 2009, 20:07    Post subject:  

hm, in Puppy 4.3.0 (frugal installation) it works.
I will test Puppy 4.3.1 tomorrow, as it takes some hours to download using a mobile internet connection that I use this week.

I attach the script, just in case a typo error was the case for your problem.

I also slightly modified it, so it tells you, who you are:
Code:
#!/bin/bash

su spot -c "whoami  >/tmp/whoami.txt;sync;xmessage 'running as user: `cat /tmp/whoami.txt`';seamonkey"


And thanks, Pizzasgood, for writing a more detailed explanation Smile
Mark
seamonkeyspot.tar.gz
Description 
gz

 Download 
Filename  seamonkeyspot.tar.gz 
Filesize  209 Bytes 
Downloaded  556 Time(s) 

_________________
my recommended links
Back to top
View user's profile Send private message Visit poster's website 
jabu2

Joined: 07 Apr 2008
Posts: 45
Location: Australia

PostPosted: Wed 21 Oct 2009, 21:42    Post subject: secure browser mode for 4.4CE  

Tronkels proposal is a really useful new capability for Puppy, and removes one minor shortcoming - security for traveller-users (compared to other distros).

"the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.
Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version
."

This capability will need to be a simple on/off toggle for the average puppy user - implying some neat programming from you linux-majors who know how to do that, and make a gui.

Tronkels description of purpose could be put in plain English ie
"logging in to Puppy as a non-root user" could become
"use ultra-security" (or words to that effect). And perhaps it should default back to the root-user mode at logoff (fail-safe position for several reasons).

And adoption by Technosaurus into 4.4CE specs

And notifying to future potential users by Lobster via the 4.4 wikka......http://puppylinux.org/wikka/Puppy44


jabu2 (4.31 with firefox, and 4.3.1 final on Fujitsu lifebook)
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 21 Oct 2009, 23:49    Post subject:  

Why do people keep forcing me to break out the big fonts?

Download a MULTIUSER Puppy HERE

Can I get a QED? Laughing

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
amigo

Joined: 02 Apr 2007
Posts: 2279

PostPosted: Thu 22 Oct 2009, 01:51    Post subject:  

MU, /tmp should be chmod'ed 1777, to prevent non-root users from being able to delete the directory.
Back to top
View user's profile Send private message 
tronkel


Joined: 30 Sep 2005
Posts: 1104
Location: Vienna Austria

PostPosted: Thu 22 Oct 2009, 04:08    Post subject: MU script problem solved!  

Ok, seem to have found the permissions problem with the su command.

chmod-ing /tmp to 777 didn't work. The problem was with the permissions of the root directory in Puppy, i.e. '/' (not /root).

After chmod-ing this to 777 everything started working.

Many thanks for the cool idea MU.

_________________
Life is too short to spend it in front of a computer
Back to top
View user's profile Send private message Visit poster's website AIM Address 
tronkel


Joined: 30 Sep 2005
Posts: 1104
Location: Vienna Austria

PostPosted: Thu 22 Oct 2009, 10:44    Post subject:  

Attached is a dotpet that contains MU's seamonkeyspot script
plus a GUI exectutable. All the GUI does is to run the script. GUI was made using FLTK and C++

The pet makes a menu entry called "safemonkey secure browser"
This starts your seamonkey browser as user "spot" who has no access to system files. This should ensure that no malware can be installed without your knowledge, even running as a live cd.

Seems to work, apart from a profile problem that causes the seamonkey main window to corrupt slightly. It's an old Mozilla problem - not sure what the solution is yet.

Will test it further. Let me know what you find.

edit: see lower down the thread for an updated dotpet that includes exception handling that checks for the existence of seamonkeyspot script in /root
safe-seamonkey-1.0.pet
Description 
pet

 Download 
Filename  safe-seamonkey-1.0.pet 
Filesize  114.25 KB 
Downloaded  589 Time(s) 

_________________
Life is too short to spend it in front of a computer

Last edited by tronkel on Wed 28 Oct 2009, 13:03; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website AIM Address 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Thu 22 Oct 2009, 11:02    Post subject:  

Seems to work OK Tronkel
I have done much the same here (I hope) in script
but also included running Puppy Browser securely
and Screen Lock enhancement Cool

GROWL
http://www.murga-linux.com/puppy/viewtopic.php?p=353697#353697

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Thu 22 Oct 2009, 13:57    Post subject:  

.... it is not a good idea to make / 777. If you do that, any limited user can rename the top level directories (they cannot actually delete them if there is any content within them that they don't have permission to change, but they can rename just fine).

You are better off running Seamonkey as root than doing that.

And anyway, you definitely should not need to make / 777 just to run seamonkey as spot. The problem must be something else.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
retry3

Joined: 15 Aug 2006
Posts: 65
Location: Ohio

PostPosted: Mon 26 Oct 2009, 20:04    Post subject: safeseamonkey secure browser experience & questions
Subject description: secure financial browsing
 

HP Notebook 1.4Ghz 512MB, dying HD - 431 Frugal Live CD

Installed safeseamonkey (great application idea)

My financial website would not let me have access even with all the correct passwords etc.

When I tried to quit safeseamonkey, the dialog box would not close even after it went all gray with no fields or data and safeSM would not quit until I used kill.

Tried to open safeSM again but got stuck in a loop in the dialog box and it failed to open.

Next I changed to user "spot" & ran normal Seamonkey and was able to log in & access my account OK.

II would like to use safeSM but I don't know what to do next; reinstall?

My question is, whether I am just as secure by being spot first and then opening my regular SM, as using safeSM alone? Something Pizzagood wrote makes me wonder..
Back to top
View user's profile Send private message 
tronkel


Joined: 30 Sep 2005
Posts: 1104
Location: Vienna Austria

PostPosted: Tue 27 Oct 2009, 03:43    Post subject:  

Hi retry3

Yes, as far as I can see, you're just as safe running a user spot directly.

The safeseamonkey GUI is only an attempt to make it friendlier for newbies to think more about security stuff without having to get to grips with scripting and such-like.

Can you make sure that the seamonkeyspot script is actually in your /root folder? It it wasn't there, that would be a reason why the program would crash.

This was only a first shot at this. I should really have included some exception handling that checks if the script is actually there.

Thanks for the feedback. Let me know what happens.

_________________
Life is too short to spend it in front of a computer
Back to top
View user's profile Send private message Visit poster's website AIM Address 
Display posts from previous:   Sort by:   
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0931s ][ Queries: 12 (0.0040s) ][ GZIP on ]