Puppy Linux Discussion Forum

dimkr wrote: ↑Sun Sep 03, 2023 10:18 am

so they can make informed decisions

Two points. Firstly, we are not in the Security section of the forum, but in the general Offtopic section. Therefore, you should have expected jokes and banter.
Secondly, I am almost the only one here who does not claim that root is safe. The rest say that there were no cases. I say that the absence of precedents is not proof

And in general, it's like studying the Sun We will know what is there and how it works... but we won't be able to do anything if anything happens.

@dimkr By the way, the other day I felt like a real hacker. You probably know about one professional text and hex editor. I'm interested in the hex part of it. I compiled Linux version 14.0. It works, but of course I required to enter a key. I jokingly entered the key from Windows version 12.0. Registration worked, the program was registered before 2106. Sometimes it's good when they don't think about security all the time
P.S. I have already used the editor for patching the good old Max Payne, which does not work in Wine on Ryzen CPU.

When I want extra security (internet banking), then I run a Puppy set up on a LOCKED SD card.
Once I have done my business, I shut down and remove the USB adapter with the card, thinking that I was secure.
Is this naive thinking?

@proebler - provided your puppy is reasonably up to date, you should be ok (no promises). If you'd been on for hours, then did your banking, would increase chances of a hack. All internet access has some risk, as does life. I personally think getting robbed at an autoteller is more of a risk than a short session with an up-to-date puppy.

Maybe it is time to realise the Internet is more dangerous by far nowadays than it was in traditional Puppy heyday. Boasting about running as root desktop may be a foolish kind of boast, convenience aside.

Mikewalsh mentioned something related, being the use of chown -R spot:spot <directory_hierarch> as being used to make parts of the filesystem hierarchy read/writable by normal user spot, but cited that as an inconvenience, which, relatively speaking, it is.

However, so many issues (run-as-spot) and so on, are clearly involved nowadays in running major apps (more and more wanting some sort of sandbox). Perhaps it is time to stop crowing about the great feature of Puppy Linux being it running as root user by default? Most any Linux can, easily enough, be configured to provide a root user desktop; indeed, because of Kennel traditions, even I have set up most of my own KL releases (such as KLU-jam) to start off running by default at root user desktop. In practice, however, KLU-jam allows you to easily switch to running as spot user desktop and stays on that when you reboot (but can easily similarly switch back to running as root user when you 'really' find commands inconvenient and have a lot of system admin to do). And I laugh at the quoted comments I've read on this forum regarding some 'policeman' claiming/believing-the-rubbish that Puppy is the safest distro for internet banking... and when exactly did a police officer become an expert in computer-related security?????! The claim is a lot of nonsense of course.

I would not myself use Puppy to login to by Internet bank account happily any more - despite, fingers-crossed, no major invasion of my system by hackers, as yet... too late if and when that occurs... certainly the danger has increased over time.

I wonder how many individuals remain that continue to insist on root user desktop and thus prevent development in a different better, I'd say, way?

Instead of all the on-going continuous dev-hacking to allow some apps to run as normal user, and pulseaudio/pipewire issues and so on and forth, just to allow the 'convenient' root user desktop, why instead not improve Puppy to properly login as normal user desktop (spot, for example), but spend dev time producing/providing 'convenience' apps to help adjust permissions required whenever and so on...? Puppy traditional design (no PAM and so on) was a simplification in its day to make a less-complex to build distro. Truth is, Puppy is hardly smaller than can be achieved by KL full multi-user distros, or the earlier even DebianDogs (which also run with root user desktop, but unnecessarily really).

I've never in the past myself cared about security dangers too much (except was great to escape contant MS windows virus attacks and continuous virus scanning mechanisms). However, the Internet is core important in most peoples' lives nowadays and security is a major issue. Not providing the capability to run as normal user is daft in today's world (and even that is not really enough any more, but certainly helps).

None of the running as root user is a problem if Puppy isn't used as main desktop distro and for the likes of banking. But then again, most people don't probably like to dual boot simply because they have some banking or other matter to do that required security - pretty much everything we have to get done is via some online process nowadays...

I can't help but feel, admittedly, that running as a normal user with no password required sudo rights is potentially risky too, so better to not to make life too convenient in that way really either, except maybe if known to be only a user working on local machine and not 'getting' in via some remote mechanism.

sudo, by the way, can be configured to only allow normal user root permissions for selected commands only (e.g. adding new users or whatever). Doesn't need to be full on root rights.

If you prefix any command with “sudo”, it will run that command with elevated privileges or in other words allow a user with proper permissions to execute a command as another user, such as the superuser.
This is the equivalent of the “run as administrator” option in Windows.

If you are a user in a multi-user operating system.
And you use sudo to run a command.

Isn't this the same as running the command as root user, without needing sudo to run it?

A hacker is never going to inject malicious code, that uses sudo in the code?

wiak wrote: ↑Mon Sep 04, 2023 3:42 am

sudo, by the way, can be configured to only allow normal user root permissions for selected commands only (e.g. adding new users or whatever). Doesn't need to be full on root rights.

I'm not sure if you can set up things to only allow sudo use directly on local machine. Maybe via some hosts file? But I don't know. Remote login via ssh first needs either a password or better certificates/pubic key access.

Since I'm no computer security expert at all, I just feel 'uncomfortable' running as root user when doing my banking. Whether sudo increases risks, well... I don't trust any privilege escalation technique, so go with the flow as far as what 'security professionals' recommend. Less rights the login user has, the better I feel. For the increased 'safety' of our users, I feel it is best to give them systems that increase security but provide 'convenience' mechanisms for those that want to risk using these occasionally...

The topic of discussion is interesting. But probably it is necessary to introduce gradations. For example, if you are a rich uncle, a kind of Scrooge McDuck of our days, then no root. But if you are a poor student and have made yourself a system for emulation, then it's just more convenient there with root, it's not about bills and money there at all.

If future versions of Puppy will be inconvenient to use due to entering a password "every three seconds", plus the mention of root as a plus will be thrown out of the "advertisement", then it is not worth waiting for some kind of revival.

The truth is born in a dispute. And we should have a balance. Unfortunately, @dimkr and @wiak will not be able to quarrel on this topic, as they are in solidarity on the issue of root

bigpup wrote: ↑Mon Sep 04, 2023 3:50 am

Isn't this the same as running the command as root user, without needing sudo to run it?

sudo allows you to run a process as root, but only after authentication. An attacker who achieved remote code execution on your computer needs to know your password to run sudo.

However, sudo is a complex tool and has a long list of known vulnerabilities (https://medium.com/@dev.nest/how-to-byp ... 6ef10a1466, https://nvd.nist.gov/vuln/detail/CVE-2021-3156 and others), some of which allow privilege escalation to root without prior authentication. Therefore, having sudo installed can be a security risk. One can implant persistent malware on your computer without root privileges (for example, malware that reads your browser cookies from the home folder, to steal your online accounts), but malware that runs as root can be more capable or be harder to detect and remove.

As for running any app as user root, and particularly browser... here is a recent threat notification:

https://www.cisecurity.org/advisory/a-v ... n_2023-041

and old link from RedHat rings true today too: https://access.redhat.com/articles/2094931

There are plenty regular exploits that would be particularly dangerous to someone running apps on the likes of Puppy as root user.

You may never know you have been 'hit' of course, or a malicious binary dropped into your system. The following was for MacOS, but if Mac could get attacked so can Linux: https://objective-see.org/blog/blog_0x43.html

Funny thing is, on this forum there are often threads complaining about privacy being loss due to Google tracking and so on, yet no issue running apps as root user (even browsers...). Of course if someone was became interested to break into your system and you are running as root, I suspect your privacy and protection would simply be in your mind; exploits cropping up all the time and hackers certainly succeed in stealing billions or locking people out of their key data asking for ransoms. Businesses get attacked of course, but Granny Smith not so much, but could happen I'd say... Social engineering is major vehicle and forums like this that trust member contributed software (even whole distros...) would be perfect mechanism to include malicious code. Hobby distros are best kept as hobby distros only IMO. Grey thinks it is all fine though.

wiak wrote: ↑Mon Sep 04, 2023 8:36 am

Grey thinks it is all fine though.

Grey has already said above that the agreement for all such projects states about the lack of responsibility. Have you even felt that you are going in a circle, a vicious circle? Root is dangerous, sudo is dangerous, sfs can be rewritten right on the fly, "big known distros" are dangerous to use (the more users, the more hackers). Etc. The circle closes. None of your suggestions to abandon the XXX component in the system gives any guarantees and peace of mind to the topikstarter.

@tammi806
That is why I advise topikstarter not to use the system to pay for pizza. Just play games and read the news. The hacker will get bored and he will slowly leave unnoticed by you.

@tammi806 If you lose money, no Grey, wiak and dimkr will help you. A stingy man's tear will roll down your cheek, you will beat the table with your fist... but these three debaters will just sympathize with you and point to the user agreement.

There are things you can do to reduce security risks, like keeping your system up to date with security fixes (i.e. if you're using Debian stable, install updates - they're few and only fix issues, packages are not upgraded to newer versions), avoiding software with bad track record (for example, use doas instead of sudo) or using sandboxes to isolate applications from each other (for example, use a browser Flatpak, so it can't read your password manager's files). You can't use your computer and be 100% safe, but you can reduce your exposure to the big risks, like known vulnerabilities anyone can exploit on your computer and common applications which probably have more vulnerabilities that will be disclosed to the public soon.

dimkr wrote: ↑Mon Sep 04, 2023 10:42 am

but you can reduce your exposure to the big risks,

The problem is that we are each on our own wave I suggest topikstarter to play games, and you advise him to use sandboxes and monitor the system at a certain level. At the same time, he is 72 years old and it is unlikely that he will do all this, otherwise he would not have asked a question about root. wiak, as usual, thinks only about KL releases, explaining the root that is there by default with "traditions" and immediately scolding it.

Meanwhile, the topic has exhausted itself. The answer is received. THERE IS A RISK. Everything else is special cases of using the system.

Grey wrote: ↑Mon Sep 04, 2023 11:18 am

wiak, as usual, thinks only about KL releases

You exaggerate. I do consider KL releases as a priority here, because I have some responsibility regarding their use and likely success or failure. Meanwhile, I type this post on Linux Mint full install, which is the distro I use most of the time, because either I am just browsing and so on, or I am working. It is only when I am playing at being a computer dev or whatever people term that behaviour that I use KL or experiment with other offerings, which I do now and again. My computer usage is shrinking, however. A big slice of my precious time spent in the coffee shop with only occasional glance at android phone, which turns out to be a powerful phone that I totally underuse. But no, I am not logged in as root, and rarely even using sudo.

wiak wrote: ↑Mon Sep 04, 2023 12:17 pm

Linux Mint

I recently deleted Mint. Switched to pure Arch. But I have Fossapup sharpened for emulation, able to work without the Internet with two terabytes of retro games. Now @dimkr will probably say that we are setting a bad example to the users of the forum, and he uses his own best practices. Well, that's partly fair

Grey wrote: ↑Mon Sep 04, 2023 12:37 pm

Switched to pure Arch.

In addition, I stopped liking Clonezilla after an unpleasant incident. Now I use SystemRescue for backup, or rather FSArchiver, which is there. I really liked FSArchiver. Checksums for everything, even if the archive is broken, only a file or several are skipped. Streams, compression level are configurable.

I tend to use only Linux Mint,Android or Windows if I need to do fiscal business of any kind.
Most online banking transactions etc.these days require a second stage verification anyway which makes life much more secure for us all.

In my earlier days of using Puppy I booted to a live disc (obviously with no save file/folder) to do such things as banking.I'm sure we were all told it was a much safer option back then.Of course I believed it and it did make some sense to me at that time. Who really has all the answers now

tammi806 wrote: ↑Fri Sep 01, 2023 11:44 am

Hello Puppy Linux Forums,

My question.

Why do Linux users on other forums tell me that using Puppy Linux running as root is a security risk and is unsafe.

I'm no Linux guru and I don't know very much about Linux.

I've used Linux since around 2014 and I've learned some of the basics of Linux.

I discovered Puppy Linux sometime around 2015 and my first Puppy was TahrPup.

I'm running Easy OS currently as a daily driver frugal install to a USB flash drive.

Thanks.

DOES PUPPY LINUX SECURITY MODEL STILL MAKE SENSE TODAY?
https://unix.stackexchange.com/question ... make-sense

sonny wrote: ↑Mon Sep 04, 2023 3:00 pm

https://unix.stackexchange.com/question ... make-sense

Wow, so much false information and false assumptions there!

Fossapup 9.5, the Puppy release you find in the Puppy homepage, is 3y old and it's probably vulnerable to the many (majority? vast majority?) vulnerabilities listed in https://ubuntu.com/security/notices?ord ... l&details=. No "security model" can secure a 3y old operating system without updates of any kind, prebuilt binaries of unknown origin (do we know if any of the unreproducible executables that come from .pet packages contain malware?) or basic tamper protection (like digitally signed files and verification at boot time).

Grey wrote:

....wiak, as usual, thinks only about KL releases, explaining the root that is there by default with "traditions" and immediately scolding it.
...

Well, at least the KL releases have the choice to run as root and to run as normal user, IMO Puppy should have that choice too.
Then it would never be needed anymore to discuss about this subject, the answer can simply be:
"Ok, you don't like to run as root, you must have good reasons for that, fine, solution is: run your Puppy as normal user" (end discussion).

(btw, I always run as root (except sometimes browsing with run-as-spot) for many years, never had any issue (but I know, depends on what you do of course, and e.g. handling security updates etc..).

Wow, so much false information and false assumptions there!

13 years of "normal" operation accented by pushing boundaries, testing some stuff and NOT ONCE as in NEVER, have I had a security problem with ANY Puppy Linux variant.

@dimkr I see Puppy Linux as "Walter White" in this world. Do you know the television series "Breaking Bad"? A famous quote from a scene with Walter White and his wife:

Puppy Linux is the one who knocks.

when an up-to-date puppy is run as a user other than root, can it be just as secure an up to date debian or fedora? if so, than the distinction that should make puppy appealing is the ease to run as root when desired.

I agree the insistence that root "can be secure enough "as has seen it's day.

X can be run from two different ttys as two different users, but X has it's problems is on the way out also, but....
can wayland be run from two different ttys as two different users?

Rather than logging out of one user and logging in as another (or rebooting entirely), perhaps switching users by switching ttys, or something else that can only be done with physical access to the machine is a way to consider.

I don't see any magical fix in running as any other user. It's not the "root" user that's the problem.....it's who is root

....wiak, as usual, thinks only about KL releases, explaining the root that is there by default with "traditions" and immediately scolding it

I am the one who kept making different WeeDog, WDL, Firstrib, KLV's that use the root user as default. Had talks about it and we keep it that way so there is both the single user AND a multi-user strategy.

rockedge wrote: ↑Mon Sep 04, 2023 5:37 pm

13 years of "normal" operation accented by pushing boundaries, testing some stuff and NOT ONCE as in NEVER, have I had a security problem with ANY Puppy Linux variant.

What monitoring, auditing and intrusion detection solutions do you use?

rockedge wrote: ↑Mon Sep 04, 2023 5:41 pm

I don't see any magical fix in running as any other user.

are you saying that the basic architecture of linux as a multiuser system does not have it's place with addressing security concerns going forward?

One of the original appeals of puppy was security. Running from a cd was effective when the the competion was besiged by simple attacks. The world has changed, so perhaps the challenge is...
Can puppy adapt to provide innovative security methods for the future?

dimkr wrote: ↑Mon Sep 04, 2023 10:42 am

<snip>You can't use your computer and be 100% safe </snip>

@dimkr :-

Well, yeah. I guess that's fair comment. Of course, the only SAFE computer is one that is locked away in a big steel safe, and is never, EVER switched on. That, along with throwing the safe's key away (like dropping it in the ocean!)

The truly paranoid would probably take it one step further.......by chucking the safe itself into the ocean depths. (And then closing all personal accounts everywhere, disconnecting permanently from the internet, selling the house, moving into a cave in a remote mountain range, withdrawing completely from society and becoming a hermit.)

And even then, somebody would find you.....and scope you out to see if you had owt worth stealing. Shit happens.

"Safe" is boring. A little risk adds some "spice' to your life..!

dimkr wrote: ↑Mon Sep 04, 2023 3:57 pm

.....prebuilt binaries of unknown origin (do we know if any of the unreproducible executables that come from .pet packages contain malware?).....

Well, of course! Ab-so-lutely. (*sotto voce* - I'll let ya into a wee secret (shh; don't tell everyone!) - I pack every app I've ever built for the community chock-full of 'nasties'. Now you know..!!)

---------------------------

How things change. After a decade with Puppy, I've never knowingly had a single case of malware of any kind on my systems. And now the most prominent of our current developers want to make Puppy into a boring clone of every other identical distro out there..? Ach, I could weep.....

<rant>I came to Puppy to get away from all that nonsense. Being little better than a grudgingly-accepted "passenger" on my own machine? Nah. To have some idiot developers insist that I can't do this.....I'm not allowed to do that......I mustn't do this, that or the other? Tchah. I bought & paid for it. I'll do with it as I please, NOT what somebody else thinks I should do. Cheek. If I want to run my machine as root, with all the attendant risks that entails, then I will master doing so. I don't NEED protecting from my own foolishness, thank you very much.</rant over>

Now I've got that off my chest.....

I know some of us think Grey's got some odd perspectives on our wee canine. But he's near the mark more often than not. The language 'barrier' just means things don't always translate quite the way they should....

----------------------------------

Fred's got the right idea, I think - as usual. Provide the mechanisms to run in either mode, then leave the choice up to the user. Good man..!

Mike.

I've been using puppy since 2004, and maybe 10 years ago had a bank account hacked. It was entirely my fault as the browser
gave me a warning about my CA certificates but, being somewhat inebriated, went ahead regardless. The website looked like
my regular bank website, and the hackers only took small amounts at a time, adding up to about $A250 in total.

The bank asked me had I used a particular foreign airline, and I said I'd never been to that country and. after about 2 weeks, had
the money reimbursed to my account.

The problem was my system clock was out, as apparently this is used to generate CA certificates. No other issues since.

Also I first started using puppy as a refugee from windowsME. It had Nortons antivirus on it, and I found Nortons to be as bad as malware in that I kept
getting popups, and it wouldn't allow me to do certain things on my own laptop. And I found ME quite slow. I tried maybe ten different linux versions,
which all had problems like not seeing my hardware etc, until I chanced upon puppy, which saw all my hw, and ran fast,