View previous topic :: View next topic |
Author |
Message |
ayeyes Tux's lil' helper
Joined: 03 Dec 2017 Posts: 104
|
Posted: Thu May 31, 2018 6:42 am Post subject: Regarding SystemrescueCD |
|
|
Hi!
If used it and rebooting it, it is always like a "fresh" flash?
As in nothing on the USB stick can become modified by using it?
Not possible to register at the SystemresuceCD forum. |
|
Back to top |
|
|
i4dnf Apprentice
Joined: 18 Sep 2005 Posts: 271 Location: Bucharest, Romania
|
|
Back to top |
|
|
ayeyes Tux's lil' helper
Joined: 03 Dec 2017 Posts: 104
|
Posted: Thu May 31, 2018 7:33 am Post subject: |
|
|
Thank you i4dnf!
Everything is run as root. Is that safe?
Quote: | The main filesystem in SystemRescueCd is aufs, so changes on system files are allowed and stored in memory. It allows you to change a system file, for instance you can replace a program with your own version. |
|
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Thu May 31, 2018 3:00 pm Post subject: |
|
|
ayeyes wrote: | Everything is run as root. Is that safe? |
ayeyes ... generally speaking no, *nix is all about seperation of privilages. If doing anything that requires I have an X session, or network, I do the following:
Code: | # useradd -g users -G wheel,audio,cdrom,video -m khayyam
# passwd khayyam
# exec su - khayyam |
best ... khay |
|
Back to top |
|
|
ayeyes Tux's lil' helper
Joined: 03 Dec 2017 Posts: 104
|
Posted: Thu May 31, 2018 5:05 pm Post subject: |
|
|
khayyam wrote: | ayeyes wrote: | Everything is run as root. Is that safe? |
ayeyes ... generally speaking no, *nix is all about seperation of privilages. If doing anything that requires I have an X session, or network, I do the following:
Code: | # useradd -g users -G wheel,audio,cdrom,video -m khayyam
# passwd khayyam
# exec su - khayyam |
best ... khay |
Thank you khay.
It is not possible to start xorg as the user I created. It only starts with root. Could one say that SystemrescueCD is not safe to use with xorg?
+ I forgot about xinit. Will try after food.
++ It fails to load i915.ko. |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Thu May 31, 2018 8:23 pm Post subject: |
|
|
ayeyes wrote: | It is not possible to start xorg as the user I created. It only starts with root. Could one say that SystemrescueCD is not safe to use with xorg? |
ayeyes ... my version of sysresccd may be some releases behind that available for download currently, and so something may have changed. It's also been some time since I started an X session, and so I might be missing something (ie, an 'input' group). Using root is always a risk, but I wouldn't advise runing firefox as root ... which, along with nm-applet, is really the only reason to 'startx' for most people.
best ... khay |
|
Back to top |
|
|
ayeyes Tux's lil' helper
Joined: 03 Dec 2017 Posts: 104
|
Posted: Fri Jun 01, 2018 7:38 pm Post subject: |
|
|
Safest to use, for example an Ubuntu Live CD I think, if one is going to use X, as Ubuntu Live doesn't run X as root. |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Mon Jun 04, 2018 6:05 pm Post subject: |
|
|
ayeyes wrote: | It is not possible to start xorg as the user I created. It only starts with root. Could one say that SystemrescueCD is not safe to use with xorg? | khayyam wrote: | Using root is always a risk, but I wouldn't advise runing firefox as root ... which, along with nm-applet, is really the only reason to 'startx' for most people. | sysresccd only has netsurf, with javascript disabled.. unless something's changed^W^W someone's lost their marbles. ;)
Loss of data (aka "data theft") is the issue, which applies much more to a user account on a running machine, than it does to a live-disk running in a rootfs, continually reloaded from readonly-storage with the same data every other copy on the web has, with no disks mounted (and thus no data even accessible at OS level without explicit operator command.)
Given that sysresccd is continually rebuilt from sources, and that it is restricted by comparison to other live-disks (since it is not a showcase, but an admin tool), and the nature of its userbase meaning that they'd be the first to notice, and to make an issue of, any malware; I have to say, I trust it far more than a standard bindist livedisk, especially one with systemdbust baked-in.
The latter presents a much juicier target for a cracker, precisely because it is aimed at the mythical "end-user" and so has much more bloat "just in case" someone ever needs it, and because it tends to be the distributed reference-point for so much longer, and additionally tends to have all that "convenience" stuff to automount your disks, activate every device however dubious, and so on.
All baked on binary and distributed around the globe by manic marketeers..
None of which is even on the radar for sysresscd.
Nice targets: any time someone's browser downloads a file from your phishing site (for whatever reason: they don't need to be browsing it), you know exactly what bloat-browser ids to look for, can nip in and steal their data in the time it takes for them to think "oh the net's a bit laggy today", and be gone.
Nearly as juicy as a mobile-phone.. ;)
Remember: no updates for 6 months, typically.
Lovely binary reference-point to target, with all those "convenience" "abstraction layers" solving concerns no one had, apart from some "html-developer" ^W "desktop expert" who doesn't (want to) understand the term "X-Y problem". |
|
Back to top |
|
|
ayeyes Tux's lil' helper
Joined: 03 Dec 2017 Posts: 104
|
Posted: Tue Jun 05, 2018 12:37 pm Post subject: |
|
|
Thank you. Well written.
Firefox ESR replaced Netsurf in April 2017. |
|
Back to top |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Tue Jun 05, 2018 1:30 pm Post subject: |
|
|
steveL wrote: | sysresccd only has netsurf, with javascript disabled.. unless something's changed^W^W someone's lost their marbles. |
I have two sysrescuecd's with different browsers. Neither is netsurf. Can't recall the names without booting.
One is iguana or chameleon or something like that. It's all green. That's the version that doesn't support UEFI.
They seem to change the browser a lot. I don't worry because I only access the gentoo manual with it. Yes, that can be compromised, but a burglar can be waiting with a gun when I get home too and I don't worry about that, either. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Tue Jun 05, 2018 2:03 pm Post subject: |
|
|
You seem to be intent on using system rescue cd as a normal-use system. That's not what it's for. It's a way to fix your broken system, or install a fresh system. The tools on it are oriented toward the specific tasks related to system maintenance and configuration, and data rescue.
In the context given, it's relatively safe to use the X that's present, although I always use the command line because that's what I know best.
I think that if you want a system to do normal tasks on and want to persist data and application changes, then you probably want to look at something else. |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Jun 05, 2018 2:41 pm Post subject: |
|
|
Tony0945 wrote: | I don't worry because I only access the gentoo manual with it. |
1clue wrote: | You seem to be intent on using system rescue cd as a normal-use system. That's not what it's for. It's a way to fix your broken system, or install a fresh system. The tools on it are oriented toward the specific tasks related to system maintenance and configuration, and data rescue. |
1clue ... that's clearly a strawman. There is no reason for you to take that as Tony0945's "intent", in fact "access[ing] the gentoo manual" is most obviously a sign that its being used in the way you suggest.
best ... khay |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Tue Jun 05, 2018 4:12 pm Post subject: |
|
|
khayyam wrote: | Tony0945 wrote: | I don't worry because I only access the gentoo manual with it. |
1clue wrote: | You seem to be intent on using system rescue cd as a normal-use system. That's not what it's for. It's a way to fix your broken system, or install a fresh system. The tools on it are oriented toward the specific tasks related to system maintenance and configuration, and data rescue. |
1clue ... that's clearly a strawman. There is no reason for you to take that as Tony0945's "intent", in fact "access[ing] the gentoo manual" is most obviously a sign that its being used in the way you suggest.
best ... khay |
Khayyam, I replied to the original post. Nothing that Tony0945 said. No strawman.
IMO the only reason that people would want to save their work when using a system rescue cd is if they intend to use it as a normal system. I posted my understanding of the use the OP was putting the cd to, and it's either wrong or right. If it's wrong I'm done here.
I will not get into the whole strawman bullshit with you yet again. Don't try to politicize a discussion just because you feel like getting into an argument. |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Jun 05, 2018 5:16 pm Post subject: |
|
|
1clue wrote: | Khayyam, I replied to the original post. Nothing that Tony0945 said. No strawman. |
1clue ... in which case you should quote what it is you're replying to, otherwise any reasonable person would assume it's the previous post, and not ten posts prior.
1clue wrote: | IMO the only reason that people would want to save their work when using a system rescue cd is if they intend to use it as a normal system. I posted my understanding of the use the OP was putting the cd to, and it's either wrong or right. If it's wrong I'm done here. |
OK, but then use of a backing store is a supported configuration, so your "that's not what it's for", and chiding of the OP for wanting such a thing, makes no sense.
1clue wrote: | I will not get into the whole strawman bullshit with you yet again. Don't try to politicize a discussion just because you feel like getting into an argument. |
Oh please ... I guess that means you're reneging your private and public apology for "trolling" all involved on that particular occasion?
best ... khay |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Tue Jun 05, 2018 5:22 pm Post subject: |
|
|
1clue wrote: | I think that if you want a system to do normal tasks on and want to persist data and application changes, then you probably want to look at something else. | Agreed, in general.
If you're looking for a live-distro to stick on an admin USB, though, sysresccd is definitely the one. (and you might want persistence then.)
You should definitely keep it updated though.
For the reasons given, I'd be very wary of trusting a bindist live-CD for anything more than a review of what they're up to, and perhaps an installation.
@khay and 1clue: do we have to revisit old arguments? Why not just let it drop.. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Tue Jun 05, 2018 5:36 pm Post subject: |
|
|
khayyam wrote: | 1clue wrote: | Khayyam, I replied to the original post. Nothing that Tony0945 said. No strawman. |
1clue ... in which case you should quote what it is you're replying to, otherwise any reasonable person would assume it's the previous post, and not ten posts prior.
|
Possibly, but it's not a crime to read the first post and reply without quoting.
Quote: |
1clue wrote: | IMO the only reason that people would want to save their work when using a system rescue cd is if they intend to use it as a normal system. I posted my understanding of the use the OP was putting the cd to, and it's either wrong or right. If it's wrong I'm done here. |
OK, but then use of a backing store is a supported configuration, so your "that's not what it's for", and chiding of the OP for wanting such a thing, makes no sense.
|
I think we can agree that reasonable uses of a backing store would constitute an advanced use case, and also that the sort of questions being asked in the original post in this thread are not the sort of questions asked by an advanced user.
It's still possible that the user has something advanced in mind, but it's unlikely in my opinion.
Quote: |
1clue wrote: | I will not get into the whole strawman bullshit with you yet again. Don't try to politicize a discussion just because you feel like getting into an argument. |
Oh please ... I guess that means you're reneging your private and public apology for "trolling" all involved on that particular occasion?
best ... khay |
I apologized for trolling on that particular occasion. This is a different occasion and I'm not the one trolling. I answered a question with a qualification, addressing the original poster and noone else. I did not address you or anyone else in this thread, and here you're attacking me over semantics.
There is no strawman, there is no ill intent from me to the original poster. Had you not got into your strawman bullshit then there would be no ill will from me toward any user on this forum, nor any attempt to derail a topic as you have so successfully done right now. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Tue Jun 05, 2018 5:48 pm Post subject: |
|
|
steveL wrote: | @khay and 1clue: do we have to revisit old arguments? Why not just let it drop.. |
I'm not trying to bring up old crap. More than happy to drop it, and remove useless posts in this thread. |
|
Back to top |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Jun 06, 2018 12:13 am Post subject: |
|
|
OK, guys, no flame war.
EDIT:
Don't care who's right and who's wrong. Got my own ideas on that but further deponent sayeth not. No flame war. |
|
Back to top |
|
|
|