Topic: DSL vs. Puppy Linux, ultimate lightweight distro
lucky13
Posted: June 21 2007, 22:27

Like most concessions to convenience, it's only going to be as secure or insecure as you make it. It's insecure if your computer boots straight into X as user dsl -- anyone who turns on your computer has root access, whether you want that person to have it or not.

--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
roberts
Posted: June 21 2007, 22:48

It would certainly make development easier if I made everything run as root. In fact, when I first joined DSL development, I added user damnsmall and later renamed it to dsl. I still think that that is preferable and was a proper decision.

If friendliness is defined as not having to know or understand *nix permissions, thus running your system à la early Windows versions, then count me out.

On the other hand, a live CD needs to have sudo à la Knoppix.
I added the boot option secure to prompt for a root and dsl password. And by adding to .filetool.lst you can have these values persist.

There certainly could be hardening of the traditional hard drive installation but that is not the development direction that I am pursuing. If it is your choice to use a traditional hard drive installation there are better small hard drive installers for current Debian-based systems.

You need to draw the line somewhere. I don't think DSL or Knoppix is off on what we have provided.
lucky13
Posted: June 22 2007, 01:01

Quote
There certainly could be hardening of the traditional hard drive installation... I don't think DSL or Knoppix is off on what we have provided.

My idea of "hardening" also includes booting dsl secure in frugal installs. I hope to have time to finish my hardening/security page this weekend (especially if it doesn't stop raining here).

I also don't think DSL or Knoppix are "off" for using sudo. I'm not a fan of sudo for a lot of reasons (such as an attacker only needing a user password to make changes; an attacker doesn't even need a password in DSL frugal without secure which is why I think that should be a default setting), but I also see it as a convenience and a way to restrict what different users can do on a system without giving them root password/access.


mikshaw
Posted: June 22 2007, 01:30

Quote
anyone who turns on your computer has root access
Although I haven't used it myself, it seems that encryption is about the only way to really protect your data, since you mention local access. A user could have his own liveCD, or add/remove boot options to override your passwords or log in as root if you have frugal-grub.


--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
lucky13
Posted: June 22 2007, 02:31

Quote
it seems that encryption is about the only way to really protect your data

True, and that goes for whatever OS you run. A live CD can be a useful tool in good hands or it can mean serious compromise of a system in bad hands. There's not much that can be done to prevent such access aside from setting BIOS to not boot from CDROM (which, of course, can be changed easily back so at best it's a small hurdle). And in most cases, even encrypted files wouldn't be completely safe from deletion or attempts at file corruption with live CD access. (That's a case for non-localized backups and for using an application like truecrypt or even steganography to hide data in a hidden block or in files where it would presumably be out of open sight from attackers.)

Running frugal on a dual boot system without using the secure cheatcode allows anyone who boots DSL to access other partitions. As secure as the read-only frugal partition is (reboot! restore!), it does nothing to protect the data on any other partition on the system. That's one of the specific issues I raise in my hardening paper.


19 replies since May 26 2007, 01:02