overall puppies security question

woodymnt
Posts: 15
Joined: Tue 23 Apr 2013, 21:11


#1 Post by woodymnt »

Hello. I'm a musician, and I have tons of stuff in Windows that I want to keep away from the internet. So I've been using only various Linux distros for the internet, usually puppies. I've been doing this for years.

For the sake of getting to the point, if you are browsing the internet as root using any puppy, is it possible for someone over the internet to mount an unmounted Windows drive on your computer and get into the content of it without your knowledge?

Puppy haters say browsing the internet as root is crazy, but I think, what can anyone do to you? Make it so you have to reboot your puppy? So what.
musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#2 Post by musher0 »

Hello woodymnt.

There are probably two dozen threads on this forum about Puppy safety. Do a
search with the forum search engine?

Main thing is: Puppy is root, yes, but the way the Puppy connection is
engineered, Puppy is invisible on the web. The logic of this approach is obvious:
if nobody knows you're on the Internet, who can do you harm?

You can reduce the permission of your files to you only. If you do so, even if you
had an intruder, (s)he couldn't do anything with / to your files.

In the unlikely event there is an intrusion, you can reboot of course, but
simply unplugging the ethernet cable will cut "kiddo" off.

Use common sense for safety in your browser, use our ad-blocker to build the
hosts file in /etc, keep openSSL and similar utilities updated (upgrades of those
are usually announced on this forum), and you should be ok.

Anyway, have fun reading our security threads: the subject's been discussed
in length, in width and in diagonal, sunny side up, upside down, boiled, fried
or poached, also some served their posts rare, medium rare or well done, with
teriyaki or soya sauce, and even as French toast!!! :lol:

Joke aside, I think we covered every possible angle.

I've been with puppy almost nine years now and I've never had a security
problem with it.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
mikeslr
Posts: 3890
Joined: Mon 16 Jun 2008, 21:20
Location: 500 seconds from Sol

#3 Post by mikeslr »

Hello woodymnt,

Most of "Puppy" is easily replaceable. But your datafiles aren't. They are best kept on a partition other than the one on which your frugal install is located. You are running a frugal install with Automatic Save turned off, aren't you?

Partitions on which your frugal install is NOT located are not mounted on bootup. Until mounted, nothing on them can be accessed. You can apply the technique discussed here to prevent a casual user from accessing them: http://murga-linux.com/puppy/viewtopic. ... 038#971038.

Puppies don't ordinarily care what name an executable has. The mounting of partitions is handled by /usr/sbin/pmount, a bash-script. Untested, but you may be able to rename it to something only you know and move it to somewhere else "on the path"; for example, /root/my-applications/bin which is a location unique to Puppies. To access a currently unmounted partition, a hacker having broken into your OS would have to know the name pmount uses, and locating it in such an obscure location may increase the difficulty and length of time required using "trial and error". Or maybe place it in a "bin" folder having many executables, giving it the name of a commonly used application you don't use.

Someone with a greater understanding of bash may be able to determine what binary/built-in-routine pmount actually uses, and the possibility of 'hardening' that.

For really sensitive data, consider http://murga-linux.com/puppy/viewtopic. ... 424#815424

mikesLr
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#4 Post by rufwoof »

Mozilla openly publish details about security patches/fixes ... which is a good starting point for any hacker to exploit that weakness in any browser they can detect that hasn't been patched/updated.

If the weakness permits arbitrary code to be executed then they're effectively in at the command level. If that is root ... they can pretty much do anything, look around for what drives are available (hidden mount command isn't much of an issue as they could pull down and execute a refined binary to search for and mount things without needing the local host's version of mount).

Not only are your HDDs at risk, but also any PCs on the same LAN that a hack might look to propagate into.

Conventional 'nix simply runs more restricted userids to browse with ...etc. That way if a hack breaks out to command level it still is restricted i.e. user cannot even mount drives, let alone reformat them or install ransomware type encryption.

Run puppy as root from a CD, with no HDDs and not save, along with having it in its own isolated LAN segment restricted from accessing other local PCs ... and fine. Run vlc, firefox ... whatever as root and that's more secure. Boot it up, go to your bank web site and nowhere else before or after and that's less likely to have been hacked than most setups. In other situations, much less safe, way below average (systems that run as user).

The better choice of puppy in your case would be one of the Dogs (fatdog, debiandog ...etc.). They are 'proper' 'nix that supports multi-user. Set it up to boot to user and use that to browse with, play vlc ...etc. and Ctrl-Alt-Fn to log in as root when you need to do system administration type stuff.

That all said, hackers get the book thrown at them if caught such that the deterrent level is high. Most of the often stated vulnerabilities are conceptual ... COULD be hacked. Potential breaches found via testing/inspection. Actual hacks are far far less common.

Your data is far more valuable than system programs that can be easily replaced. As ever the best policy is to have a good backup practice. Multiple copies including some being stored remotely (and disconnected). When you have good backups then you can be more blasé if you're relatively unconcerned about the privacy of the content of your data/stuff.

I like to say that security is a process, not a product. Nothing is truly safe, all you can do is adopt the best practice for your individual situation. Too safe becomes impossible to use functionally, too lax and you're inviting trouble. The more common middle ground is to run as user (restricted) and maintain good backups. That is an average however and as per most averages there are varying degrees of individual cases either side of that average.
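The difference described in post #4 between a root session and a restricted user, as an added example that is not part of any post in this thread: a shell check that lists partitions which exist but are not mounted, which is what a process running as uid 0 could still attach. The function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list partitions that exist but are
# not mounted, i.e. what a process running as uid 0 could still attach.

# $1: /proc/partitions-style file, $2: /proc/mounts-style file
unmounted_partitions() {
    # Skip the header and blank line; the 4th column is the device name
    awk 'NR > 2 && NF == 4 { print $4 }' "$1" |
    while read -r name; do
        case $name in
            loop*|ram*|zram*|sr*) continue ;;          # not disk partitions
            nvme*|mmcblk*) case $name in *p[0-9]*) ;; *) continue ;; esac ;;
            *[0-9]) ;;                                 # sda1, sdb2, ...
            *) continue ;;                             # whole disk: sda, sdb
        esac
        # Print the name only if no mount entry uses this device
        awk -v dev="/dev/$name" '$1 == dev { f = 1 } END { exit !f }' "$2" ||
            echo "$name"
    done
}

# $1: uid to assess, $2/$3: as above (hypothetical helper)
exposure_report() {
    list=$(unmounted_partitions "$2" "$3")
    count=$(printf '%s\n' "$list" | grep -c . || true)
    if [ "$1" -eq 0 ]; then
        echo "uid 0: $count unmounted partition(s) mountable:" $list
    else
        echo "uid $1: $count unmounted partition(s), mounting needs root or an fstab 'user' entry"
    fi
}

# Constructed sample tables, not taken from a real machine
sample_dir=$(mktemp -d)
cat > "$sample_dir/partitions" <<'EOF'
major minor  #blocks  name

   8        0  488386584 sda
   8        1   20971520 sda1
   8        2  467414016 sda2
   8       16  976762584 sdb
   8       17  976761560 sdb1
   7        0     204800 loop0
EOF
cat > "$sample_dir/mounts" <<'EOF'
/dev/sda1 /mnt/sda1 ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
exposure_report 0 "$sample_dir/partitions" "$sample_dir/mounts"
exposure_report 1000 "$sample_dir/partitions" "$sample_dir/mounts"
```

On a live system the same report comes from `exposure_report "$(id -u)" /proc/partitions /proc/mounts`.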
bigpup
Posts: 13886
Joined: Sun 11 Oct 2009, 18:15
Location: S.C. USA

#5 Post by bigpup »

Have the firewall active.

Check your computer with this.
https://www.grc.com/x/ne.dll?bh0bkyd2
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected :shock:
YaPI(any iso installer)