Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 22 Nov 2014, 09:16
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Big security hole: Should have implimentation.
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 3 Posts_count   Goto page: 1, 2, 3 Next
Author Message
securityfreak

Joined: 11 Mar 2014
Posts: 2

PostPosted: Tue 11 Mar 2014, 23:22    Post_subject:  Big security hole: Should have implimentation.
Sub_title: ROOT FUNCTIONALITY
 

One thing with the system is that it really NEEDS to have a User account, THEN root on top of that. This way a person can USE the system, but then also be able to SU to the administration account to further administrate the system.

Because if you are using it on an older system, and want to have users on it, but for them to NOT have full access of it all, then it should not have root access from the get go.


This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all fro the outside world if the system is on the internet.
Back to top
View user's profile Send_private_message 
p310don

Joined: 19 May 2009
Posts: 732
Location: Brisbane, Australia

PostPosted: Wed 12 Mar 2014, 00:49    Post_subject:  

Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Back to top
View user's profile Send_private_message 
James C


Joined: 26 Mar 2009
Posts: 5932
Location: Kentucky

PostPosted: Wed 12 Mar 2014, 01:11    Post_subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


Zero here.
Back to top
View user's profile Send_private_message 
dancytron

Joined: 18 Jul 2012
Posts: 294

PostPosted: Wed 12 Mar 2014, 01:41    Post_subject:  

No problems here.

OP, if running as root is a problem, you should just use a different distribution.
Back to top
View user's profile Send_private_message 
Fossil

Joined: 13 Dec 2005
Posts: 690
Location: Gloucestershire, UK.

PostPosted: Wed 12 Mar 2014, 05:19    Post_subject:  

Quote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?
Have been using various Puppy incarnations every day, for eight - 8 - years. NEVER any attack or problem.
If you ain't happy with the product - move on!
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3517
Location: West Lothian, Scotland, UK

PostPosted: Wed 12 Mar 2014, 05:26    Post_subject:  

Once...and only once...upon a time...
When visiting some [malicious?] website...

I found windows opening on the desktop...
Displaying the contents of the Puppy CD-RW.

As I closed the windows, new windows would open.
So I used ctrl+alt+backspace to drop to a command prompt and rebooted.

Once back to the desktop, the problem was still there...
So...

I rebooted into a different Puppy CD-RW...
Deleted the pupsave of the problem Puppy...
Restored a good/clean recent backup copy [held on an external USB connected HDD, normally powered off] of a pupsave for the problem Puppy.
Then booted the original Puppy that had displayed the problem.

The problem was GONE! Very Happy

This is the only seeming security problem I've ever detected since beginning to use Puppy in Dec 2008.

These days, my Puppy doesn't save any session changes back to the pupsave on the internal HDD [neither during the session, nor at shutdown/reboot], unless I tell it to.
So I can [and sometimes do] power off improperly.
At next boot, the Puppy automatically scans&fixes the ext3 host partition file system and also the ext3 pupsave partition file system.
So far, doing this has never caused a problem [none of which I'm aware].
Hence, in the event of a problem I can just hold in the power button to power off.
Back to top
View user's profile Send_private_message 
RSH


Joined: 05 Sep 2011
Posts: 2420
Location: Germany

PostPosted: Wed 12 Mar 2014, 08:45    Post_subject:  

Never had any problem since I'm using Puppy. And I had just once a problem when I was a windows user (should not have opened that unknown email Wink ).

Quote:
This is a MAJOR security hole in the system, makes the system volatile to attacks and hacks and all fro the outside world if the system is on the internet.

The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.

_________________
LazY Puppy
RSH's DNA
SARA B.
Back to top
View user's profile Send_private_message 
mikeb


Joined: 23 Nov 2006
Posts: 8633

PostPosted: Wed 12 Mar 2014, 08:58    Post_subject:  

Hmm like sylvander someone sent me to a site that had some horrible javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...cant remember how I forced it off...crtlaltdelete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason I choose not to do but otherwise no harm done apart from my time wasted.

Apart from that we are looking at 8 years of running as root. Yes I managed to delete an entire partition of stuff though a bad script I made while learning (did recover most of it as it happens) so to me not being root guards against user stupidity NOT the internet which is a different matter.

As it happens I added multiuser to my puppies...not a major undertaking and it works as expected.... the lack of it is laziness and convenience since slax, another live distro, DOES provide full multiuser ability.

On a last note I recently did a weird one... created a user and then ssh to myself as that user and then ran firefox through x forwarding as that user...I felt suitably sandboxed Very Happy Of course this also requires additions to standard pups ...just though I would throw it in.

mike
Back to top
View user's profile Send_private_message 
Moose On The Loose


Joined: 24 Feb 2011
Posts: 532

PostPosted: Wed 12 Mar 2014, 10:13    Post_subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


With very little effort on my part, I could misunderstand your request to include those that I have been victim to while using other OSes. That would make the list so long that I would not want to type it all so here is the first and the last few viruses I had trouble with.

First:
Back when my computer used two floppies and had no hard drive, I discovered that somehow a new TSR got onto my MSDOS-3 boot disk and was making a copy of its self on any new floppy. This meant that I could not get the full use of the space on the floppy.

2nd Last:
On a XP machine fresh out of the box, as soon as I connected to the internet but before I downloaded the antivirus software, a massive string of network actions happened and the machine froze up.

Last:
On a Win-7 machine, quite suddenly in the middle of my doing something, it began doing a huge number of network accesses and bogged down and then went into the shutdown all on its own.


I have been using Puppy since 4.10 was the latest version and so far have never had a virus etc get me.
Back to top
View user's profile Send_private_message 
dejan555


Joined: 30 Nov 2008
Posts: 2715
Location: Montenegro

PostPosted: Wed 12 Mar 2014, 10:27    Post_subject:  

http://www.murga-linux.com/puppy/viewtopic.php?t=49025
_________________
Dpup 487 | Puppy Gallery | My photo gallery | mtPaint works
Back to top
View user's profile Send_private_message Visit_website MSNM 
musher0


Joined: 04 Jan 2009
Posts: 4326
Location: Gatineau (Qc), Canada

PostPosted: Wed 12 Mar 2014, 15:49    Post_subject:  

p310don wrote:
Can everyone who has used puppy for years please detail the hacks they have been victims of please?


None whatsoever.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
catsezmoo

Joined: 09 Feb 2014
Posts: 16

PostPosted: Wed 12 Mar 2014, 16:39    Post_subject:  

Quote:
javascript which had windows flying open all over the place...seems like the browser was going doo lally but made doing anything impossible...cant remember how I forced it off...crtlaltdelete or backspace or perhaps the power button.
After restarting firefox was a little upset and wanted to take me back to the same site which for some reason
NOT being logged in as root wouldn't prevent such a javascripted browser exploit
Back to top
View user's profile Send_private_message 
mikeb


Joined: 23 Nov 2006
Posts: 8633

PostPosted: Wed 12 Mar 2014, 17:01    Post_subject:  

Quote:
NOT being logged in as root wouldn't prevent such a javascripted browser exploit

never said it would...please don't tell me what I have supposed to have said.

The point was about javascript on the net being the only problem ever experienced...a browser crash is the worst thing that has happened.... the subject of root is irrelevant in this case.

mike
Back to top
View user's profile Send_private_message 
ally


Joined: 19 May 2012
Posts: 862
Location: lincoln

PostPosted: Wed 12 Mar 2014, 17:06    Post_subject:  

over 3 years solid puppy

no issues

Smile
Back to top
View user's profile Send_private_message Visit_website 
starhawk

Joined: 22 Nov 2010
Posts: 3128
Location: Everybody knows this is nowhere...

PostPosted: Wed 12 Mar 2014, 20:36    Post_subject:  

RSH wrote:
The security hole usually is sitting on a chair in front of the computer: clicking and opening just everything that blinks, flickers and is offered to open and/or download it.


This.

The one time I've ever gotten a virus (it was on Windows!) I felt pretty stupid in the aftermath, because I was dumb enough to click on one of those "you just got a free e-card" links in my email.

To be fair, my mother was away at the time and I was lonely -- something must've clouded my thoughts enough to make me think that it could possibly be from her... Embarassed well, that idea went away real quick! Fortunately, I had antivirus software that cleaned things up quite nicely...

There's quite a bit to be said for safe browsing/emailing habits!

That said, I've been using Puppy "recreationally" since shortly after joining this forum... and I've been using it steady as my main OS for a month or two now. No problems of any kind (other than some bugs in my specific Puppy version of choice, that I was able to work around) that I couldn't attribute to my own occasional stupidity Wink

_________________

Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 3 Posts_count   Goto page: 1, 2, 3 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0921s ][ Queries: 12 (0.0055s) ][ GZIP on ]