Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 22 Sep 2014, 02:36
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Moving Root to Spot makes Puppy secure?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Author Message
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 13 Jul 2011, 07:13    Post_subject:  Moving Root to Spot makes Puppy secure?
Sub_title: Needs more elaboration maybe
 

In a post in another thread Clam01 wrote
http://www.murga-linux.com/puppy/viewtopic.php?p=543491#543491
Quote:
Clam01 wrote
Our object is to make our puppy (any breed or cross) more secure. As we all know, our puppies are not secure because we run as root.

To be secure we want to run as spot. The easy way to do this is to move our root to spot.

To do this just open two file windows (one if you run one of those two-paner file managers), go up one level to /, in one and open the other to spot.

Then drag root from the / window and drop it in the spot one. That's all there is to it. Our root is now safe in spot. We are all done. Literally.

Everything we do from this point on that triggers a call to a file in root will stop for being unable to find root.

Nothing can get instruction from root, now tucked safely away in spot, secure even from us and our own computer.

What is really cool and real virus like is the way all our open programs continues to work until we try to do something with one, whereupon it immediately freezes up. It's proper virus-infection behavior.

To recover demonstrates the first-most security feature of puppy. We have to hard-reboot, since root being lost makes everything stop (including, fortunately, writing the move of root to the pup-save file).

When our puppy reboots it reboots through a normal restart to a normal puppy rebuilt from the main sfs, pup-save and additional sfs files. A healthy puppy, all recovered, no longer sick. Puppy is, indeed, virus-proof, and idiot-proof! Not, however, that pup-saves can collect malware and should be cleaned every now and again.

For convenience, if you customize settings, and add programs, set your puppy up as you want and build a custom that incorporates what you want as you want it, so all is in your main sfs, then save everything important to one or two files in your pup-save that you can move out to a partition before you clean your pup-save (mouse a frame around all contents and quiet-delete).


I wish I was more computer savvy, I am an absolute computer challenged guy but what you say in my quote above is interesting.

I wish somebody geeky could test it and explain how to use it for us Noobs.

Could you tell more about this part?

Quote:

For convenience, if you customize settings, and add programs, set your puppy up as you want and build a custom that incorporates what you want as you want it, so all is in your main sfs,

then save everything important to one or two files in your pup-save that you can move out to a partition before you clean your pup-save

(mouse a frame around all contents and quiet-delete).


I feel very dense when I read that part. Sorry wish I knew what you refer to.

Important question.

To do hard reboots that is not something good to do. So that one needs a less dangerous solution!

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Wed 13 Jul 2011, 21:44    Post_subject:  

Nooby,

You forgot to include the line before the first you quoted, that identified the recipe for a "puppy virus". Here is some further explanation from the other thread:

Note that my recipe for "securing" root by moving it into spot is a puppy-virus recipe. It is fun in puppy because it does no serious harm (though you should do it on a frugal-installed puppy you don't have personal files in, just in case). It isn't a cure for anything, except maybe acute boredom. Computer programs find things they need by following paths to them. Putting root in spot removes root from the path programs follow to find it. Coming to a dead-end a program stalls. This effectively kills the running puppy. This does no harm with puppy because the running puppy is a copy. It is a clone of the puppy main sfs modified per white and black lists and additional instructions, and files, in the pup-save, and additional sfs's added on startup.

Basically all my "puppy-virus" does is illustrate and demonstrate the puppy structure that makes puppy root secure and provides puppy's first-line of security against infections. To bring in LPS into the discussion, for a nod to the thread, this first-line defense is the same that LPS uses (which LPS almost certainly has from puppy, which is famous for it, via GPL).

The means to "propagate" the "virus", moving root to spot to make root secure, is for fun. It is one of those "too good to be true" things, "so easy why didn't the experts ever think of it?" Because they are fun I like to think of these things.

Caveats: Because I have never full-install installed a puppy I don't know if the virus works the same, or messes things up in a full install. Also, I don't know if a puppy that saves to USB periodically will always fail to save the root-in-spot configuration to its pup-save. If your puppy does not restart normally, reboot in ram, mount the pup-save, move personal files out to /mnt/home, then mouse draw to compass all files in the pup-save, quiet-delete all, close the empty window, unmount the pup-save (by left-clicking on it), then reboot the computer, not saving your ram session. When the puppy main sfs re-populates the pup-save you can customize it again and move your personal files from /mnt/home back in.


What you quote in your second quote is just saying that to make reorganizing your puppy easier after a cleaning its pup-save (from a ram session, as said above), when you have your puppy the way you want it do a remaster. That will give you a custom puppy with most of what you have set it up with installed in the main sfs. You still have to redo minor tweaks.

Putting all your personal files in one or two folders makes it easy to move them out of your pup-save before you rm -r its contents to force the main sfs to re-populate it with clean, unmodified, from the main sfs, folders and files.

Puppy remakes root from the main sfs, then tweaks it with your preferences from pup-save each time you start a puppy. wiping the whole contents of your pup-save makes puppy do the same for the pup-save. These are things you can do if you are paranoid and lazy. They are easier than setting spot up with a password and permissions.

The next step, if wiping your pup-save does not seem to have cured everything, is to delete the whole pup-save (wiping out all contents, including the file system), then build another.

The last step, for the totally paranoid, is to delete the main sfs file, too, then reinstall your puppy as brand-new.

What is nice about puppy is that the average computer user, with no experience except as a user, can do all of these things in the GUI, him or herself (and the first puppy does automatically for you, on every restart).
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 14 Jul 2011, 04:55    Post_subject:  

Quote:
Note that my recipe for "securing" root by moving it into spot is a puppy-virus recipe.


I don't get it on the level needed to decide on it. I am too dense obviously
Sorry

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
amigo

Joined: 02 Apr 2007
Posts: 2247

PostPosted: Thu 14 Jul 2011, 13:15    Post_subject:  

Contrary to what CLAM01 says, changing the name of the /root directory to anything else doesn't have any particular inlfuence on the 'security' of puppy -it simply renders it unusable for any programs which refer to the path to '/root' -either as as a program path or as the path to any required config file. Most of the programs which might be potentially used by some malware are probably located in /sbin or /usr/sbin (they should be there anyway).

The term 'virus', as used here, is completely out of context -'virus' refers to certain types of malware which are usually binary 'blobs' which contain their own executable code which doesn't need to call other installed programs in order to do its' job.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 14 Jul 2011, 15:19    Post_subject:  

amigo wrote:
Contrary to what CLAM01 says, changing the name of the /root directory to anything else doesn't have any particular inlfuence on the 'security' of puppy -....


Amigo I don't criticise or have any opinion at all on what you say. I am totally dependent on both of you to sort this out.

But did he really do as you say here? As I remember he drag the root folder to spot.

How is that related to change the name of Root. To me that is two different things.

Not that I have tested neither of them but I have tested to drag the folder named .mozilla to /mnt/home and then dragged it back to / whic his root but only made a symlink.

To drag something is not to rename it is it. So could you explain if it really is the same. Drag and drop is very different is it not?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 14 Jul 2011, 15:21    Post_subject:  

copy of what he actually wrote

Quote:
To be secure we want to run as spot. The easy way to do this is to move our root to spot.

To do this just open two file windows (one if you run one of those two-paner file managers), go up one level to /, in one and open the other to spot.

Then drag root from the / window and drop it in the spot one. That's all there is to it. Our root is now safe in spot. We are all done. Literally.


Now can one really say that he rename root as spot?

He place root within spot. Is that not something very different?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
rcrsn51


Joined: 05 Sep 2006
Posts: 9124
Location: Stratford, Ontario

PostPosted: Thu 14 Jul 2011, 18:46    Post_subject:  

CLAM01 wrote:
To be secure we want to run as spot. The easy way to do this is to move our root to spot. To do this just open two file windows (one if you run one of those two-paner file managers), go up one level to /, in one and open the other to spot. Then drag root from the / window and drop it in the spot one.

You can't drag a folder into a subfolder of itself.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 14 Jul 2011, 19:22    Post_subject:  

rcrsn51 is my Linux hero, I trust him 100%.

So guys don't give this up now. Sort it out so us noobs can understand.

What was accomplished and how did it work if at all.

Clam you have to reconstruct the whole thing and step by step explain how it works

I go back to bed now and dream that it is solved when I wake up some 10 hours from now. My by now famous sleep apnea makes me sleep for ages.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Thu 14 Jul 2011, 20:17    Post_subject:  

Amigo,

You are right: I did not create a real virus, or even a real "puppy-virus". Viruses (virii?) are bio-medical organic compound entities capable of altering cell structures. They are life-forms and so are able to invade, infect, propagate, migrate and mutate opportunistically, without human or other aid, except transport and hosting.

What I created was confusion.

It is obviously a good thing puppy security is discussed in an off-topic area here... Though in this discussion's case we should perhaps be in the Truly Off-Topic area, since we are off-topically discussing puppy and a puppy topic. Can anything be more truly off-topic than an off-topic discussion that is on-topic yet off-topic?

I now go off to experiment, to attempt to learn why I am able to make my puppy do the impossible. It may take some time. Every time I do I turn my puppy computer into a perpetual non-motion machine...
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Fri 15 Jul 2011, 05:28    Post_subject:  

Thanks Clam, do tell which Puppy later when you've accomplish something you trust to work.

If you have time. Do test with both pupsave and without pupsave.

With pupsave it maybe corrupt it so use .3fs instead of 2fs?

Without a pupsave with all the personal stuff either outside of the root in /mnt/home or already in the sfs which means it does not corrupt.

Looking forward to a successful experiment.

Later today I maybe try it too on some new frugal install.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Thu 21 Jul 2011, 22:36    Post_subject:  

nooby,

I am afraid I neglected to emphasize sufficiently that to make the securing of root by moving it into spot work you have to use the puppy you are going to experiment on for a time, saving files to the on-disk pup-save file.

It is the separation of the ramdisk root and pup-save root (in puppy's layering) that makes the silly-trick work. Applications running in ramdisk root saving into pup-save root (which is "impossible" [except for puppy]) set the stage for "saving" root in spot...
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Sat 23 Jul 2011, 19:13    Post_subject:  

I think the better way to relocate spot is by editing the /etc/passwd* files for the new location.

Then make a new directory to reflect the changes and assign ownership accordingly. Copy old spot files to new directory.

Then modify the script which runs didiwiki also if it needs it.

I haven't done it, but that's the approach I'd take.

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Sat 23 Jul 2011, 20:33    Post_subject:  

Do you guys know about 'fido'?

http://bkhome.org/blog/?viewDetailed=02240

All puppies built with recent Woof support fido, but I haven't done any further development on it since the initial work. It does need bug fixing. Wary 5.1.2 is an example that has it.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send_private_message Visit_website 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Sat 23 Jul 2011, 23:21    Post_subject:  

Barry,

I've read a little about fido. My problem, if we can even call it a problem is I'm running Lupu 5.20. It is easy enough to install, but I have modified things so extensively that I don't want to change. Also, thanks much for the super multimedia support with this disto. Plus all the official .pet packages to add more multi-media support.

My next upgrade will be to Lupu 5.25 probably, unless there is a newer release when I upgrade.

Even at that, it will have spot. I could make another user for web browsing but spot works fine.

The problem with spot is the same anyone would have with fido. I download more than the pupsave file can hold. I resolve this by having download directories with permissions for spot. So it isn't a problem really as it only takes a couple seconds to make the directories outside the pupsave file.

Also thanks for a world class small distribution. I don't have any requests except keep doing what you are doing. If there is something I don't like, I'll probably make a patch for it and post it for others to use. If you like it you can use it. But don't expect to see much, if any in that way.

Kind regards,

Bruce

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
amigo

Joined: 02 Apr 2007
Posts: 2247

PostPosted: Sun 24 Jul 2011, 03:21    Post_subject:  

Typically, we seem to betrying to invent a new way of handling multiple users on an OS that was designed to do that from the very beginning. The whole thing of running as root by default could have been implemeted very simply -with a quick edit of just a couple files.

Instead, since great effort was spent to create a root-only distro, by having to hack around on lots of things, we've made it very difficult to re-implement proper multi-user capability.

The proper thing to do here is to get rid of all the hacks and omissions which made puppy root-only in the first place. Then we'd have something which would be easily configurable to run as root-only, multi-user, as a proper server or whatever one wanted.

The idea that root and fido should share a home directory is absolutely preposterous.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1033s ][ Queries: 11 (0.0086s) ][ GZIP on ]