Linux and Free Software :: DSL vs. Puppy Linux

Like most concessions to convenience, it's only going to be as secure or insecure as you make it. It's insecure if your computer boots straight into X as user dsl -- anyone who turns on your computer has root access, whether you want that person to have it or not.

It would certainly make development easier if I made everything run as root. In fact, when I first joined DSL development, I added user damnsmall and later renamed it to dsl. I still think that that is preferable and was a proper decision.

If friendliness is defined as not having to know or understand *nix permissions, thus running your system ala early Windows versions, then count me out.

On the otherhand, a live CD needs to have sudo ala Knoppix.
I added the boot option secure to prompt for a root and dsl password. And by adding to .filetool.lst you can have these values persist.

There certainly could be hardening of the traditional hard drive installation but that is not the development direction that I am pursuing. If it is your choice to use a traditional hard drive installation there are better small hard drive installers for current Debian based system.

You need to draw the line somewhere. I don't think DSL or Knoppix is off on what we have provided.

Quote

There certainly could be hardening of the traditional hard drive installation... I don't think DSL or Knoppix is off on what we have provided.

My idea of "hardening" also includes booting dsl secure in frugal installs. I hope to have time to finish my hardening/security page this weekend (especially if it doesn't stop raining here).

I also don't think DSL or Knoppix are "off" for using sudo. I'm not a fan of sudo for a lot of reasons (such as an attacker only needing a user password to make changes; an attacker doesn't even need a password in DSL frugal without secure which is why I think that should be a default setting), but I also see it as a convenience and a way to restrict what different users can do on a system without giving them root password/access.

Quote

anyone who turns on your computer has root access

Although I haven't used it myself, it seems that encryption is about the only way to really protect your data, since you mention local access. A user could have his own liveCD, or add/remove boot options to override your passwords or log in as root if you have frugal-grub.

Quote

it seems that encryption is about the only way to really protect your data

True, and that goes for whatever OS you run. A live CD can be a useful tool in good hands or it can mean serious compromise of a system in bad hands. There's not much that can be done to prevent such access aside from setting BIOS to not boot from CDROM (which, of course, can be changed easily back so at best it's a small hurdle). And in most cases, even encrypted files wouldn't be completely safe from deletion or attempts at file corruption with live CD access. (That's a case for non-localized backups and for using an application like truecrypt or even steganography to hide data in a hidden block or in files where it would presumably be out of open sight from attackers.)

Running frugal on a dual boot system without using the secure cheatcode allows anyone who boots DSL to access other partitions. As secure as the read-only frugal partition is (reboot! restore!), it does nothing to protect the data on any other partition on the system. That's one of the specific issues I raise in my hardening paper.

Next Page...
original here.