Transmission (P2P filesharing program) and /root

For discussions about security.
Post Reply
Message
Author
User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

Transmission (P2P filesharing program) and /root

#1 Post by Lobster »

I first reported this here:
http://www.murga-linux.com/puppy/viewto ... 582#565582

It has happened again, :cry:
basically directories that have been saved to an NTFS formatted directory are also appearing in /root (but empty)
- It is probably Transmission (the bit torrent program) or the source I am using
Pirate Bay
http://thepiratebay.org/
- yes I am following the Sith path again [part time evilness] :shock:
It could also possibly be the Slacko Beta 5 filing system or the NTFS file support.

However my feeling is that is Transmission
http://www.transmissionbt.com/

Anyone familiar with Transmission and know the potential risks/problems? Anyone experiencing anything similar?
Last edited by Lobster on Thu 29 Sep 2011, 08:23, edited 1 time in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

aarf

Re: Transmission of root

#2 Post by aarf »

Lobster wrote:I first reported this here:
http://www.murga-linux.com/puppy/viewto ... 582#565582

It has happened again, :cry:
basically directories that have been saved to an NTFS formatted directory are also appearing in /root (but empty)
- It is probably Transmission (the bit torrent program) or the source I am using
Pirate Bay
http://thepiratebay.org/
- yes I am following the Sith path again [part time evilness] :shock:
It could also possibly be the Slacko Beta 5 filing system or the NTFS file support.

However my feeling is that is Transmission
http://www.transmissionbt.com/

Anyone familiar with Transmission and know the potential risks/problems? Anyone experiencing any similar?
last i looked slacko had transmission 1.2 much later and better transmission pets are available on the forum

User avatar
8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#3 Post by 8-bit »

When you use Transmission, and seed for others, are you just opening the door to your PC?
How do you know that they are not getting data from your PC other than just the file you downloaded?

aarf

#4 Post by aarf »

8-bit wrote:When you use Transmission, and seed for others, are you just opening the door to your PC?
How do you know that they are not getting data from your PC other than just the file you downloaded?
i often think this too when uploading just one image from a directory of many and it takes forever

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#5 Post by Lobster »

When you use Transmission, and seed for others, are you just opening the door to your PC?
:)
If someone offers to send you a file on IRC, during the link process they are linked to your machine and if a malcontent may try to mess about.

Something similar is technically possible with bit torrent.
I don't really know much more than that.
Try as I might watching traffic coming down the Internet would interfere with my 'watching paint dry' activities :shock:
Best leave for the tin hatted Doberman who love this potential breach , , , :wink:

My feeling is this is something to do with NTFS support in Puppy and some script being sent to write to the NTFS disk but ending up in root.

One possible solution is fixing fido
http://www.murga-linux.com/puppy/viewto ... 833#559833
Last edited by Lobster on Mon 03 Oct 2011, 13:25, edited 1 time in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#6 Post by Stripe »

hi Lob

FWIW I have been having a think about your problem

you could try using a multi session cd/dvd as this loads into ram and as long as you dont save a downloading session nothing can be written permanently to your root directory/system. I would only mount one empty hard drive/partition to store the downloaded file in isolation till it can be checked for nasty's.

if it is writing to unmounted partitions then why not consider using an old box just for downloading? then check everything before it is taken off that box?

just a few ideas, hope they help

don

edited to add: I cant see how fido would work? all you would be doing is restricting your control over the machine, not the nastys ability to do damage.

Post Reply