sudo in v2.3 secure

[dogflap]

Dear all,
       Please be kind, I don't know much and maybe this is not a problem but I note that when booting v2.3 as "tinycore secure" I have full root powers but no request for a password simply by prefixing commands with "sudo ". Using visudo to edit /etc/sudoers user tc to the same as root fixes this but then I can't install or use firefox.tz.  Any suggestion ?

      My main use for this live distro would be online banking.

Best regards dogflap.
   

[roberts]

A live distro for online banking? I would not suggest such.

However, if that is your goal, a remaster with preselected applications, without the ability to dynamically load extensions, thus allowing no sudo would be in order.

[dogflap]

Dear Mr? Roberts,

       Thank you for your input. No doubt you are right.  My thought was a live cd is read only, my hard drive is disconnected (I use an icute i-swap mobile sata rack that makes this easy) and everything runs in ram so that worst case any nasties only last for a session.

Best regards dogflap

[dogflap]

Dear Roberts,

       could it be that you are in fact Robert S as in Robert Shingledecker ?
Please accept my appologies for any unintended slight.

Best regards  dogflap.

[bmarkus]

A live distro for online banking? I would not suggest such.

Why? A live distro do not leave temp files, cache, etc. on a hard disk drive to recover sensitive data after use, less chance to get the original media, specially a CD to get infected, etc. Maybe I'm wrong, but for me it seems to be secure, at least as secure as an installed system.

[Guy]

a live cd is read only, my hard drive is disconnected

You can make a live CD with the programs you want.

http://wiki.tinycorelinux.com/tiki-index.php?page=Integrating_extensions

/modified-cd.html][removed due to policy violation]/modified-cd.html

[roberts]

I believe the questrion was regarding the use of live cd, sudo, and dynamically loading extensions.
My suggestion, for an online banking,  was to make a remaster with preselected applications and then remove sudo. I can't see what is controversial about that.

[tclfan]

A live distro for online banking? I would not suggest such.

Why? A live distro do not leave temp files, cache, etc. on a hard disk drive to recover sensitive data after use, less chance to get the original media, specially a CD to get infected, etc. Maybe I'm wrong, but for me it seems to be secure, at least as secure as an installed system.

In complete agreement with your comment that LiveCD should be just perfect for online banking, I just want to add that in fact it should be safer than installed system to use for this purpose.  With installed system you do not have the pristine state each time you boot and in fact you never knowif  any viruses, trojans, rootkits or keyloggers had a chance to implant themselves. Prticularly with Windows, where being connected to the Internet alone exposes you to these threats constantly. Antivirus tools are only effective to some extent, so you are never sure 100%. Rootkits hide beneath the OS and are not visible to trojan and virus detection software.
With LiveCD pristine state you do not have this uncertainty, as the exposure is reduced to only the current session and if you are not browsing dangerous sites before online banking, the online banking should be as safe as can be.
Fact is that password on sudo would further enhance security level and is therefore quite valuable. This is what the originator of this thread is asking for...

[jpeters]

You could always remaster without autologin with password set in /etc/passwd, etc/shadow.
There's a noautologin script; just make the iso.  

[^thehatsrule^]

No need to remaster: "noautologin" is available as a boot option