Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info

"Read only" puppy on HDD
Moderators: Flash, Ian, JohnMurga
Page 1 of 2 [16 Posts]

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 00:15    Post subject: "Read only" puppy on HDD
Subject description: How best to achieve?

Various forum members have expressed the advantages of running from a multisession DVD (which I have not tried yet...) and I can see advantages in running from a media which does not allow the executable code to be modified.

I want to run my netbook (which has no optical drive) on a puppy that is never able to be modified. (ie: which could never support a trojan or virus that survived across reboots).

I would like to know if others have succeeded in setting up their HDD based puppies to emulate running from CD/DVD in live session? (ie: no changes are EVER written to the puppy code on HDD). I have found a similar relevant thread here: http://murga-linux.com/puppy/viewtopic.php?t=42825 but various comments I have seen suggest that under some circumstances it is not trustworthy to simply lockout the save file mechanism.

Does anyone know if it is possible to somehow change permissions on all puppy files such that NOTHING in the operating system can be changed?

Maybe some feature of a remaster that would allow changes at remaster time but never afterwards?

Sylvander

Joined: 15 Dec 2008
Posts: 3400
Location: West Lothian, Scotland, UK

Posted: Fri 28 Jun 2013, 01:43

I have a couple of Puppies set so I can CHOOSE when/whether to save session changes...
Either DURING THE SESSION...
Or...
At shutdown/reboot.

Hence it's possible for me to choose to not save any session changes.

But I guess that's not what you're after, right?

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 02:06

I currently have that sort of setup on a usb stick, but I wanted to have the puppy installed to inbuilt HDD and somehow make it "not possible" to alter the HDD code at all (like a ROM).

I thought there might be some pupmode that allowed the code to load to ram and allowed any necessary system writes to occur in ram, but never be written out to HDD because the HDD files had been marked as "read only" via locked down permissions or some other foolproof method.

I guess I don't really trust myself to get the pupmode (or grub stanza) correctly set up to ABSOLUTELY GUARANTEE that the HDD code will be unaltered at all times.

I wondered if something similar might even be possible by using a basic "secure" puppy (without internet capability) to boot the netbook, then transfer control via virtualbox to a separate readonly environment that is used for the internet stuff, but which never writes back to the original boot puppy.

Perhaps what I'm asking is: is there any puppy which has had ALL of its pupsave code completely removed, rather than just disabled/crippled intentionally as we have to do to get control of usb pupsaves.

8-bit

Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Fri 28 Jun 2013, 02:30

To see if your pupsave file has been modified after using one of those solutions, you could do and save an md5sum of your pupsave.
If nothing is added or changed in it, the md5sum should remain the same.
I know that is not a lot of help in finding a solution, but it is a way to check the pupsave file for possible modifications.

It makes me wonder though if setting up a pupsave file with your preferences and applications, creating an SFS file from it, if one could boot with pfix=ram, and use SFS-load-on-the-fly to load the created substitute for the pupsave and have it work.
This is even if it required a restart of X.

An alternative would involve major programming to have a hard drive install act like a DVD/CD in that it would save sessions to the hard drive in place of a pupsave file.

As to virtual-box, as I cannot remember, is one able to save files to the underlying file system that might be called Z:?
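
The integrity check 8-bit describes, as an added example that is not part of the original post: a shell script that baselines the boot files of a frugal install and later reports changed, missing or newly created files. It uses sha256sum in place of md5sum, and the file names and the savefile glob `*save*.[234]fs` are assumptions.

```shell
#!/bin/sh
# Added example: hash baseline for a frugal install directory.
# File names and the savefile glob are assumptions; adjust to your puppy.

# record_baseline DIR: print "hash  name" for kernel, initrd, SFS and savefiles.
# The function body is a subshell, so the cd does not leak into the caller.
record_baseline() (
    cd "$1" || exit 1
    for f in vmlinuz initrd.gz *.sfs *save*.[234]fs; do
        if [ -f "$f" ]; then sha256sum "$f"; fi
    done
)

# verify_baseline DIR MANIFEST (absolute path): report changed, missing and
# newly appeared files; return 1 if anything differs from the baseline.
verify_baseline() {
    vdir=$1 vman=$2 rc=0
    # sha256sum -c prints "name: FAILED" for changed or unreadable files.
    if ( cd "$vdir" && sha256sum -c "$vman" 2>/dev/null | grep -v ': OK$' ); then
        rc=1
    fi
    # Names present now but absent from the baseline, e.g. a new savefile.
    new=$(record_baseline "$vdir" |
        awk 'NR==FNR { seen[$2]; next } !($2 in seen) { print "NEW: " $2 }' "$vman" -)
    if [ -n "$new" ]; then echo "$new"; rc=1; fi
    return $rc
}

# Constructed demo: fake install in a temp dir, then tamper with it.
demo() {
    d=$(mktemp -d) m=$(mktemp)
    echo kernel > "$d/vmlinuz"; echo initrd > "$d/initrd.gz"
    echo squashfs > "$d/puppy_demo.sfs"
    record_baseline "$d" > "$m"
    verify_baseline "$d" "$m" && echo "clean: no changes"
    echo tampered >> "$d/puppy_demo.sfs"      # modified system file
    echo data > "$d/pupsave.2fs"              # savefile that should not exist
    verify_baseline "$d" "$m" || echo "changes detected"
    rm -rf "$d" "$m"
}
demo
```

Keep the manifest somewhere the running system cannot write, such as write-protected media, since anything able to alter the SFS could otherwise alter the recorded hashes too.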

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 03:41

8-bit wrote:
It makes me wonder though if setting up a pupsave file with your preferences and applications, creating an SFS file from it, if one could boot with pfix=ram, and use SFS-load-on-the-fly to load the created substitute for the pupsave and have it work.
Interesting idea. It raises the question about how puppy treats an sfs - I presume an sfs must be a read-only filesystem that remains unchanged when it is unloaded at shutdown time?

So I wonder if the browsing environment could be totally included in an sfs and not need to even write to a pupsave at all?

Or maybe it might be possible to "wrap up" a browsing sfs inside a virtualbox session?

(just spitballing ideas here...)

watchdog

Joined: 28 Sep 2012
Posts: 507

Posted: Fri 28 Jun 2013, 08:36

Put your custompuppy.iso on a usb pendrive by unetbootin or universal installer. Don't give write permissions to your pupsave. Every time you want to run puppy in "safe mode" boot the netbook with the pendrive in ram mode and then copy the "fixed" pupsave to hd. Give it write permissions on the hd. On the hd at root directory leave initrd.gz, vmlinuz, the sfs of your puppy and syslinux.cfg in which you'll have changed pmedia=usbflash with pmedia=atahd. Reboot with option "puppy pmedia=atahd" and load the pupsave on hd. Now you can remove the pendrive. Closing the session delete the pupsave on hd: you can do it the next time you need to boot in "safe" mode. Delete the old pupsave on hd and substitute it with the fixed pupsave from pendrive. Could it work for you?

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 14:27

watchdog wrote:
Put your custompuppy.iso on a usb pendrive by unetbootin or universal installer. Don't give write permissions to your pupsave.
Do you mean I should create a pupsave then remove the write permissions from it, or are you meaning "don't create a pupsave at all"?

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 14:39

As far as I can tell, the puppy sfs in my frugal install folder should be a "read only" filesystem. Why? Because it gets loaded from the sfs into ram - there should be no reason to write to that sfs.

If that is the case, why does my image below show that the sfs has write permissions set? Why should this ever need to be the case???

If these permissions could safely be set to read only I think that would satisfy my requirements. (Then all I would have to do is make sure a savefile was never created, and delete any that DID accidentally get created)
[Attached image: sfs writeable.png]

ETP

Joined: 19 Oct 2010
Posts: 527
Location: UK

Posted: Fri 28 Jun 2013, 14:46    Post subject: "Read only" puppy on HDD – (Of netbook)

Hi greengeek,

You are aware of my fondness for simple solutions, so I am going to suggest that instead of using the hard disc, you just do a manual frugal install to a FAT32 SD card instead. This of course assumes that your netbook is capable of booting from a bootable SD card. There are a few that will not.
Here is an example using Magoo V6 with all the files just in the root, the card having been made bootable with syslinux.exe from XP. [syslinux.exe -f -m -a X:]

Syslinux.cfg is as simple as possible, comprising just a single line:

Code:
default /vmlinuz initrd=/initrd.gz pmedia=usbflash

Once you have created the save-file, installed any extra pets and imported any bookmarks, install pupsaveconfig-2.2.5 and set it initially to “ask at shutdown”.
Reboot making sure you save the session, then set it to “never” (-0) and power off.
Move the switch on the side of the SD card to the read only position to make it bomb proof. A save icon will appear on the desktop but nothing can be saved. It might be wise to scan the now locked down stick for viruses before using it in anger.

If during a session you do wish to save something just plug in a usb stick and save to that.
If at any point you wish to add anything to the stick just unlock it, save the state, re-lock and scan it again.
[Attached image: sdhc_magoo_v6.jpg]

_________________
Regards ETP
Accessibility Pups: -- Magoo -- The Pup With No Name -- MouseCam -- Obedient

rcrsn51

Joined: 05 Sep 2006
Posts: 8924
Location: Stratford, Ontario

Posted: Fri 28 Jun 2013, 14:47

greengeek wrote:
If that is the case, why does my image below show that the sfs has write permissions set? Why should this ever need to be the case???

It gives you permission to delete the file.

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 14:49

Supplementary Question:
If I am running in ram (live session with no pupsave) and I write a file to a usb stick - is that file actually written? (I believe so. I am unaware of this having failed for me in the past)

Is this a different set of circumstances to the situation where I HAVE created a pupsave, but then disabled any new saving? If I HAVE got a pupsave, but have disabled any saving, what happens to a file that I try to save to usb? Does that file stay in ram, awaiting a "save to pupsave" command that never comes? (I suspect that I have lost files in the past because this situation is slightly different to a "live CD session" that NEVER had a pupsave in the first place...)

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 14:58    Post subject: Re: "Read only" puppy on HDD – (Of netbook)

ETP wrote:
You are aware of my fondness for simple solutions
A characteristic I try to emulate without much success unfortunately :)
Thanks for the SD suggestion - I recall that this netbook does boot successfully from SD using some puppies but not others (and always fails from a usb boot using syslinux 4.04). I will come back to this method if I can't satisfy myself of a suitable way of setting the HDD to my satisfaction.

rcrsn51 wrote:
It gives you permission to delete the file.
Interesting - perhaps that might give me the "untouchability" I am looking for.

EDIT: Once I've got the method sorted on my netbook I plan to use it on other machines as well. In particular I have one machine which is used by a psychiatric patient who has a penchant for tinkering and experimenting - I currently have them running from CD so we can always go back to a known state, but it has become problematic always having to have the CD in the drive so I am trying to duplicate that functionality/untouchability on HDD

Last edited by greengeek on Fri 28 Jun 2013, 15:29; edited 1 time in total

jrb

Joined: 11 Dec 2007
Posts: 1030
Location: Smithers, BC, Canada

Posted: Fri 28 Jun 2013, 15:24    Post subject: Re: "Read only" puppy on HDD
Subject description: How best to achieve?

greengeek wrote:
I want to run my netbook (which has no optical drive) on a puppy that is never able to be modified. (ie: which could never support a trojan or virus that survived across reboots).


I am posting from a frugal install of an unmodified PhatSlacko5502 with no pupsave file. At boot it accesses a series of startup scripts which create links, load SFS's and copy the contents of various .pets into the system. I can install .pets in the normal way but when I reboot they are gone. If I want changes that last I have to place them in a folder on the hard drive from which they are copied into the system. One of my startup scripts sets the PUPMODE=12 so it thinks there is a pupsave and doesn't ask to create one when I shutdown.

I have been able to make this work with all the 5 level puppies. It's a bit involved and I don't really have time to go into it right now but if you're interested I might be able to explain it more thoroughly this evening.

Cheers, J

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Fri 28 Jun 2013, 15:33

Thanks jrb - that sounds like the sort of thing I need to head towards. I feel a need to improve my understanding of pupmodes and permissions etc before I'm ready to get this done effectively so will PM you for more info later when I reach the appropriate level of understanding.

greengeek

Joined: 20 Jul 2010
Posts: 2407
Location: New Zealand

Posted: Sat 29 Jun 2013, 04:43

rcrsn51 wrote:
greengeek wrote:
If that is the case, why does my image below show that the sfs has write permissions set? Why should this ever need to be the case???

It gives you permission to delete the file.
I just tried changing the permissions for a puppy sfs file (pup-431.sfs) and found I can still delete it. Does that seem odd?

I think if I remastered a puppy so it never tried to create a pupsave, and also turned the .sfs write permissions off permanently (which it looks as if I can do without undue consequences) I should be able to achieve what I was setting out to do.

Maybe.
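
The behaviour greengeek observed, as an added example that is not part of the original post: on Linux, deleting a file is governed by write permission on the containing directory, not on the file itself, and root (Puppy's default user) is not bound by either. The temp directory and the stand-in file `pup-demo.sfs` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: what the permission bits on an SFS file do and do not protect.
# Everything happens in a temp dir; pup-demo.sfs is a constructed stand-in.

# probe DIR_MODE FILE_MODE: create dir/file with those modes, then try to
# append to the file and to delete it. Prints one result line.
probe() {
    t=$(mktemp -d); f="$t/pup-demo.sfs"
    echo squashfs > "$f"
    chmod "$2" "$f"; chmod "$1" "$t"
    # Writing is checked against the file's own mode bits.
    if ( echo x >> "$f" ) 2>/dev/null; then w=yes; else w=no; fi
    # Deleting is checked against the directory's mode bits.
    if rm -f "$f" 2>/dev/null; then d=yes; else d=no; fi
    chmod 755 "$t"; rm -rf "$t"
    echo "dir=$1 file=$2 write=$w delete=$d"
}

probe 755 444    # read-only file in a writable directory
probe 555 644    # writable file in a read-only directory
if [ "$(id -u)" -eq 0 ]; then
    echo "note: running as root, which bypasses both checks"
fi
```

As a non-root user the first case reports write=no delete=yes and the second write=yes delete=no; as root both operations succeed in both cases, so permission bits alone do not make the SFS untouchable.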