just work is better than getting your personal stuff put at risk. Relegating damage to within a single session is a good start. EasyOS lets you run a browser in a container, maybe multiple browsers in multiple containers so that you can isolate jobs rather than rebooting frequently.
Puppy Live CD with Non-Root user to prevent Browser Hijacking?
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
Neo_78 wrote: Thu Jan 06, 2022 10:09 pm
@rufwoof How does Fatdog differ from normal Puppy Linux? Does it use containers by default or did you modify it in that way? Can it be remastered like Puppy Linux?
Yes, in multiple ways. My preference is to use multi-session saves (that are stored to HDD), that create a separate sfs snapshot of changes each time you 'save' so you have an audit trail. However I tend to unsquashfs the main sfs so I have a squashfs-root folder that I extract the multi-session saves into and then reform a new main sfs from that using mksquashfs (that contains all of the changes). Just the way I do 'remastering' but there are other more conventional methods as well (flexibility).
I boot with that main sfs being loaded into ram, so once booted there's no need for any HDD's to be mounted, other than for data access/saving purposes. I've extended Fatdog to use containers bespoke coded for my needs/setup. Where each container uses the same main sfs image, that's already in ram, that uses Xephyr (Xserver separation so no key logging etc.), capabilities dropping and chroot, and where root in the container is just like a restricted regular userid (root in name only). I use a shared folder region for porting things between the container and main sessions.
Typically I only use the main session for admin/booting, operationally I run regular daily activities within the container. After visiting one web site I might close that container and open it again, where it's back to 'clean booted' style, no browser cookies or trail of prior visited sites ..etc.
Rootkit attacks are pretty useless, as even with root authority that can't see the main session's environment nor disks etc. and with capabilities dropped etc. I don't know how that might be broken out of into the main session, nor install anything that might persist (only persists for the duration that the container is running from whenever it became infected). For browser bookmarks I have a tray icon that opens a list of those, separate from the browser, so even with a fresh browser each time at least I have a single click access to those bookmarks.
All pretty much based on/similar to Barry's Easy OS containers.
- rockedge
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
Trying out EasyOS and its containers would be worth it. With EasyDD it should be fairly straightforward to install.
We need to take into account the PHP-based CMS system as well. There could be a JavaScript attack vector establishing the dropper and loader components.
@Flash found this link and information and I think it is worth considering.
URL parsing: A ticking time bomb of security exploits
- mikeslr
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
EasyOS may be the best advice. I hadn't worked with it in a while and had forgotten about its "Lock-down" mode. I think it would be best to use two USB-Keys: one for your OS, the other to save files to. Those files could be examined without going on line.
So I'm not sure how much value this may be. Its major plus is that it can be used with any Puppy. I think it is reasonably secure for the reasons set forth in the post: Iron and firefox-esr in a Chroot, viewtopic.php?p=46953#p46953.
Files downloaded with one of the chrooted browsers will be located in /cont/root/downloads. That folder can be visually examined and only desired files moved out of the chroot.
As I wrote there, suggestions for strengthening that application are welcome. Especially welcomed would be any technique more encompassing than visual for examining files in /cont/root/downloads.
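One way to go beyond a visual check of /cont/root/downloads, shown here as an added example that is not part of the original post or of the chroot application it describes: flag symlinks, executable or set-id permission bits, and files whose first bytes mark them as ELF binaries, scripts or ZIP archives whatever their extension says. The flag names and the constructed sample files in `demo` are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: flag files in a chroot download folder
# that deserve a closer look before being moved into the main session.
# Flag names are this example's own. Assumes file names without newlines.

triage_downloads() {
    dir=${1:-/cont/root/downloads}
    find "$dir" -mindepth 1 \( -type f -o -type l \) | sort |
    while IFS= read -r f; do
        flags=""
        if [ -L "$f" ]; then
            # Outside the chroot a symlink resolves against the host filesystem.
            flags="SYMLINK->$(readlink "$f")"
        else
            if [ -x "$f" ]; then flags="$flags EXEC-BIT"; fi
            if [ -u "$f" ] || [ -g "$f" ]; then flags="$flags SETID"; fi
            # First four bytes as hex: content type regardless of extension.
            magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
            case $magic in
                7f454c46) flags="$flags ELF" ;;
                2321*)    flags="$flags SCRIPT" ;;
                504b0304) flags="$flags ZIP" ;;
            esac
        fi
        flags=${flags# }
        printf '%s\t%s\n' "${flags:-ok}" "${f#"$dir"/}"
    done
}

# Constructed sample folder standing in for /cont/root/downloads.
demo() {
    d=$(mktemp -d)
    printf 'plain notes\n' > "$d/notes.txt"
    printf '\177ELF\002\001\001' > "$d/invoice.pdf"      # ELF header, PDF name
    printf '#!/bin/sh\necho hi\n' > "$d/setup.jpg"       # script, image name
    chmod 755 "$d/setup.jpg"
    ln -s /etc/passwd "$d/readme"                        # link to a host path
    triage_downloads "$d"
    rm -rf "$d"
}
```

Run `triage_downloads` with no argument to check /cont/root/downloads itself; anything not marked `ok` is worth inspecting inside the chroot before it is moved out.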
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
Hopefully you can keep us informed as to what works and what doesn't. Many pups and dogs are set up with a variety of different security options, and I would hate to think it takes a highly involved configuration for the average user to stay secure in today's world.
That said, problems of this sort are seldom reported on this forum. Whether they go undetected by most, or simply don't happen is hard to tell. I would think many practice a degree of security based on possible threats rather than past experience.
- mikeslr
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
Just a thought as I reviewed recent forum posts for what I might have missed. rerwin has recently published an uploaded Simple Network Setup 3.3-beta, viewtopic.php?p=46433#p46433 which "support of dynamic MAC address "spoofing", in two ways:
For a wireless connection, the interface's MAC address is changed to a random value appropriate for the vendor of the interface hardware when the "macchanger" package is installed.
For tethered smart phones (and other "gadgets") that "spoof" their MAC addresses (e.g., Android phones) and change them from time to time, they are accommodated. (Thanks to redquine for reporting the need for it.)" Check out the above post for links to the package and additional information.
Thanks, rerwin.
- rockedge
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
@Neo_78 I made you an OS called KLV-Neo_78
It's Void Linux based Kennel Linux I custom built using @wiak's WeeDogLinux build scripts and a PLUG file recipe specially for your needs.
Desktop is jwm - rox using rox-filer for the file manager. Firefox in its latest form and geany editor. xterm and lxterminal and that's about it.
- rockedge
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
@Neo_78 There might be a way to use an OS that the attackers cannot manipulate in the first place. Question is how well can its web browser handle web apps used in enterprise production environments? This is written completely in assembly language and has no Linux kernel.
https://www.kolibrios.org/en/index.htm
https://www.kolibrios.org/en/screen.htm
KolibriOS Features
A monolithic preemptive kernel that is less than 100 kilobytes in size, complete with streams, parallel execution of system calls, a USB and TCP/IP stack.
Speed: Thanks to being (carefully) written in Assembler, it's very fast.
Size: KolibriOS is very small - The kernel and most of the programs fit on a 1.44MB floppy disk!
Filesystem support: Read/write support for FAT16/32 (with long file names) and ext2/3/4, read-only support for NTFS, XFS and CDFS(ISO9660).
Lightweight: Kolibri boots on any computer that has a Pentium (i586) compatible processor and at least eight megabytes of RAM.
Hardware support: A lot of the popular sound, network and graphics cards are supported (see supported hardware list)
Comes with a development kit (code editor with FASM macro-assembler integrated).
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
@rockedge that looks certainly interesting. However, I don't see any decent browser support:
http://wiki.kolibrios.org/wiki/Applications
And it seems that HTTPS support has not been implemented yet.
- rockedge
Re: Puppy Live CD with Non-Root user to prevent Browser Hijacking?
@Neo_78 I made you an OS called KLV-Neo_78
It's Void Linux based Kennel Linux I custom built using @wiak's WeeDogLinux build scripts and a PLUG file recipe specially for your needs.
Desktop is jwm - rox using rox-filer for the file manager. Firefox in its latest form and geany editor. xterm and lxterminal and that's about it. NetworkManager and pulseaudio are also installed.