Re: installation kit modified during installation

2020-09-07 Thread Michael Hudson-Doyle 
On Sat, 29 Aug 2020 at 01:25, Doru Georgescu  wrote:

> Short version:
>
> Byte 480 of the Ubuntu desktop 20.04.1 LTS installation kit has been
> modified during installation. Is this by design?
>

Yes, the logs of the installation process are now written to the USB stick
by default. I guess the change you see at byte 480 is the change to the
partition table.


> Detailed version:
>
> I use to create my usb stick install kit with:
>
> # dd if=downloads/ubuntu-20.04.1-desktop-amd64.iso of=/dev/sdd
> and it worked for me.
>
> I also use to verify the install kit before and after install with:
>
> # cmp downloads/ubuntu-20.04.1-desktop-amd64.iso /dev/sdd
> and this also worked for me until now. It exits with end of file error,
> because the kit is shorter than /dev/sdd.
>
> Now, however, for the first time, there is a difference after install at
> byte 480, line 4.
>
> The kit has been created on a compromised system.
>
> However, I have doubts that it has been modified by malicious code.
>
> So I ran:
>
> # mount /dev/sdd1 mnt
> # mount -o loop ubuntu-20.04.1-desktop-amd64.iso mnt1
> # find mnt/ -exec bash -c 'file={}; cmp $file ${file/mnt/mnt1}' \; | grep
> differ
> and found no difference, only that cmp does not compare directories.
>
> # lsblk -fm /dev/sdd
> NAME FSTYPE LABEL UUID FSAVAIL FSUSE%
> MOUNTPOINT  SIZE OWNER GROUP MODE
> sdd  iso966 Ubuntu 20.04.1 LTS amd64
> │ 2020-07-31-16-51-12-00
> 7,2G root  disk  brw-rw
> ├─sdd1
> │iso966 Ubuntu 20.04.1 LTS amd64
> │ 2020-07-31-16-51-12-00
> 2,6G root  disk  brw-rw
> ├─sdd2
> │vfat C26E-047E
>3,9M root  disk  brw-rw
> └─sdd3
>  ext4   writable
>   a83a9b1c-36cb-4312-9aba-0359f74c0374
> 4,7G root  disk  brw-rw
>

This writable directory was created during installtion.


> What could be the cause? Should I worry about this?
>

No :)

Cheers,
mwh


> Also aked here:
> https://askubuntu.com/questions/1269405/installation-kit-modified-during-install-is-this-a-security-issue
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

installation kit modified during installation

2020-08-28 Thread Doru Georgescu 
Short version: 

Byte 480 of the Ubuntu desktop 20.04.1 LTS installation kit has been modified 
during installation. Is this by design? 

Detailed version: 

I use to create my usb stick install kit with:

# dd if=downloads/ubuntu-20.04.1-desktop-amd64.iso of=/dev/sdd
and it worked for me.

I also use to verify the install kit before and after install with:

# cmp downloads/ubuntu-20.04.1-desktop-amd64.iso /dev/sdd
and this also worked for me until now. It exits with end of file error, because 
the kit is shorter than /dev/sdd.

Now, however, for the first time, there is a difference after install at byte 
480, line 4.

The kit has been created on a compromised system.

However, I have doubts that it has been modified by malicious code.

So I ran:

# mount /dev/sdd1 mnt
# mount -o loop ubuntu-20.04.1-desktop-amd64.iso mnt1
# find mnt/ -exec bash -c 'file={}; cmp $file ${file/mnt/mnt1}' \; | grep differ
and found no difference, only that cmp does not compare directories.

# lsblk -fm /dev/sdd
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% 
MOUNTPOINT  SIZE OWNER GROUP MODE
sdd  iso966 Ubuntu 20.04.1 LTS amd64
│ 2020-07-31-16-51-12-00
  7,2G root  disk  brw-rw
├─sdd1
│iso966 Ubuntu 20.04.1 LTS amd64
│ 2020-07-31-16-51-12-00
  2,6G root  disk  brw-rw
├─sdd2
│vfat C26E-047E 
  3,9M root  disk  brw-rw
└─sdd3
 ext4   writable
  a83a9b1c-36cb-4312-9aba-0359f74c0374  
  4,7G root  disk  brw-rw
What could be the cause? Should I worry about this?

Also aked here: 
https://askubuntu.com/questions/1269405/installation-kit-modified-during-install-is-this-a-security-issue
 

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss