Login and Security Manager

Was it yesterday that I posted that Woof has reached another "plateau" for awhile? Heh heh.

For awhile now, Puppy has had a Login Manager, in the System menu, but it doesn't do much. I have greatly enhanced it and renamed to Login & Security Manager.

Kirk and jamesbond pioneered running Internet applications as user 'spot' for FatDog, even though you yourself are logged in as the administrator (root). This provides extra security while surfing the web, while at the same time allowing you the convenience of unfettered usage of your local system.

I decided to take a fresh look at this, and have got SeaMonkey running very nicely as 'spot'. SM is the only Internet app so far with this new feature.

I have added the choice in the 3builddistro script in Woof, to default to SM running as root or spot.

There is a new Login & Security Manager that allows flipping SM between root or spot. Snapshot:


Of course, we do have 'fido', which can be chosen when the save-file is created. This will then mean that everything will run as fido, not root. However, this mode is still not fully debugged.

There is a new script in Woof, support/setup-spot, that gets copied to /usr/sbin in the Puppy build.

Woof commits:
http://bkhome.org/fossil/woof2.cgi/info/bd484a7933
http://bkhome.org/fossil/woof2.cgi/info/9ed8d37764


Posted on 2 Jun 2013, 2:02


Comments:

Posted on 2 Jun 2013, 3:01 by Sage
root v. user(s)
Guaranteed to confuse the natives. One guess why incomers like Puppy so much and have kept it so high in DW PHR all these years?! If it ain't broke, don't fix it.
Security is an illusion. Got to stay one jump ahead of the cyber criminals. Barriers are an inducement to jump over. Your best students are the ones who benefit so much from your excellent teaching that they end up doing better than you. ipso facto gotta think ahead all the time!


Posted on 2 Jun 2013, 8:30 by BarryK
"as root"
Hmmm, it was after midnight when I was putting the final touches to the Login & Security Manager.

Looking at that snapshot over breakfast this morning, I think the disclaimer needs to be toned down a bit. Just taking out the "as root" should do it -- otherwise, it reads like the user is taking some kind of risk running as root, which is not the message we want to convey.

Maybe even a help button that goes to that very long Forum thread that discusses the pros and cons of root, would be helpful.

Is there a Forum thread that discusses the advantages of spot?



Posted on 2 Jun 2013, 19:32 by BarryK
Login and Security Manager improved
I have improved the Login and Security Manager GUI and re-uploaded the snapshot -- you might need to refresh this page.

I have created two new help pages in Puppy, accessed by those Help buttons.

I have also uploaded those help pages to puppylinux.com:

About root, spot and fido
http://puppylinux.com/technical/root.htm

...makes a pretty good argument for using spot, hey?

Puppy Linux Legal statements
http://puppylinux.com/legal.htm

Woof commit:
http://bkhome.org/fossil/woof2.cgi/info/03e38f43a1



Posted on 3 Jun 2013, 2:25 by jamesbond
Root vs spot
That's a good write-up. I was a little late to mention this information, but for whatever it is worth, it is here: http://distro.ibiblio.org/fatdog/web/faqs/login.html - it's the same idea as what's written in your document.

It's a little long - but TL;DR is:
===
when you run network programs as 'spot' (which has very few rights), if those programs are broken and somebody gets hold of your machine remotely, the only thing they can clobber is spot's stuff (home directory, etc), they can't get elsewhere.

Of course, for this to work, the key is to make sure that 'spot' cannot too much.
===

In Fatdog, the run-as-spot has been consolidated as a script. No need to change permissions on /root folders etc. If you are interested I have posted the script here: http://murga-linux.com/puppy/viewtopic.php?p=706618#706618.

cheers!



Posted on 3 Jun 2013, 2:40 by ted dog
Spot less
Please review spot in FatDog64 and please move it out from under root folder, also, make it clear that files will corrupt while downloading if spot (AKA like FatDog64) permissions are changed with a automated daemon.
I do not care for the issues this method of protecting me from myself causes. However do look at FatDog64 sandbox methods as a way to run spot and root at the same time.


Posted on 3 Jun 2013, 4:44 by Sage
Ahem
"if those programs are broken and somebody gets hold of your machine remotely, the only thing they can clobber is spot's stuff (home directory, etc)"

If I were running as spot, which I'd never do willingly with Puppies, the only thing I wouldn't want clobbered would be my home directory. Everything else is common and can be reinstalled.

The entire edifice is unnecessary with a compact distro. Paranoids have the option of running from liveCD, or USB key/SDcard with the switch down. Career criminals will be way ahead of the game because the mob pays most. If they screw up, it's curtains.

Apart from which, despite the misdirection about government agencies having legitimate access to cyber data, I never heard (one doesn't anyway) that the US and UK/EU agencies switched off Carnivore and Echelon (or their successors). Nor, for that matter, that the M$ server farm in Hanford. striving to 'provide a better software experience' for it's patrons, stopped saving everything ever transmitted (and a lot that isn't) for users of their appalling $$$-generating cr*p.

So let's have a rational discussion about what our greedy snooping society is really like rather what we'd like it to be. 'They' already know who you are and where you live and probably what you've got (haven't got?!) in your bank.

Spot & Fido begone.


Posted on 3 Jun 2013, 9:03 by BarryK
re why root
jamesbond,
Thanks for that link, is explains root and spot very nicely, better laid out than mine I think, with the Q&A format and nice colours.

I have added a link to it in my page:
http://puppylinux.com/technical/root.htm



Posted on 3 Jun 2013, 16:14 by step
spot and portable tor-browser
I su spot all the time to be able to run portable tor-browser, which refuses to start as root. Of course user/group spot needs to own the unpacked archive unpacked archive tree. Perhaps portable tor-browser could be a good test case or reference for Barry's recent commits.


Posted on 3 Jun 2013, 17:23 by L 18 L
passwords
For me the most interesting in fatdog/faq was:
gtksu ask for root password, not user's password




Posted on 5 Jun 2013, 16:46 by BarryK
Login&Security Manager rewritten
I have substantially rewritten 'loginmanager' and 'setup-spot', to generalise the handling of apps to be run as spot.

This was inspired by 'run-as-spot' written by jamesbond, which I have put into Woof, /usr/sbin/run-as-spot, with tiny changes.

I rewrote loginmanager and setup-spot to handle any number off apps that we would want to run as spot, with the ability to revert to root.

Woof commits, latest first:
http://bkhome.org/fossil/woof2.cgi/info/e6302b7af7
http://bkhome.org/fossil/woof2.cgi/info/61fef2c12d