Linked by Howard Fosdick on Sat 17th Dec 2011 00:26 UTC
Linux Without corporate backing or advertising, Puppy Linux has become one of the world's ten most popular Linux distributions. In the past few months Puppy has whelped a litter of like systems, each with its own unique DNA. This article summarizes Puppy and then describes the new brood.
Permalink for comment 500356
To read all comments associated with this story, please click here.
Security
by ozonehole on Sat 17th Dec 2011 01:23 UTC
ozonehole
Member since:
2006-01-07

I hesitate to make this comment because I know exactly what's going to happen, but here goes...

Puppy always runs as root without a password. Yes, it is possible (if you open a terminal and use the command line) to login as unprivileged user "spot" (again, without a password). "Spot" can launch apps at the command line, but the graphic desktop will always belong to root. And most users will not go to the trouble to become spot, they will just launch apps as root. Many have pointed out that this is a risky strategy in terms of security. Puppy lacks the tools to configure it as you would most distros - running the desktop and all apps as an unprivileged user.

This issue has been mentioned about a million times already in numerous Linux forums. Usually within minutes after somebody raises the issue, Puppy fans jump in and insist that Puppy is perfectly secure, surfing the Internet as root poises no security risk at all, and if you don't agree with them you are a "Puppy-hater" and deserve to die. I've found myself in this argument so many times now that it's gotten weary, which is why I hesitate to post this.

Nevertheless, reality is that surfing the net as root carries some real risks, whether Puppy users wish to admit it or not. I would never do online banking or credit card purchases with Puppy for this reason.

This does not mean I hate Puppy. I used it for quite a while on my netbook, though lately I've found other alternatives which I prefer. I still keep a Puppy CD and USB stick around just in case I need an emergency boot-up device to rescue data or fix a broken installation. Puppy does have many endearing features - I understand why people like it.

Now, if somebody would just fix this security problem, I'd probably be using it on an everyday basis.

My advice about ANY distro is that people should not get emotional about it. I've used quite a few distros since I started with Linux over 10 years ago. Every distro has some flaw - either you learn to live with it, or ask the developers to fix it (if you can't fix it yourself), or move on to another distro. But denying the flaw won't make it go away, even if the denial makes you feel better.

Edited 2011-12-17 01:34 UTC

Reply Score: 14