installation kit modified during installation

Michael Hudson-Doyle michael.hudson at canonical.com
Mon Sep 7 21:02:25 UTC 2020 

On Sat, 29 Aug 2020 at 01:25, Doru Georgescu <headset001 at yahoo.com> wrote:

> Short version:
>
> Byte 480 of the Ubuntu desktop 20.04.1 LTS installation kit has been
> modified during installation. Is this by design?
>

Yes, the logs of the installation process are now written to the USB stick
by default. I guess the change you see at byte 480 is the change to the
partition table.


> Detailed version:
>
> I use to create my usb stick install kit with:
>
> # dd if=downloads/ubuntu-20.04.1-desktop-amd64.iso of=/dev/sdd
> and it worked for me.
>
> I also use to verify the install kit before and after install with:
>
> # cmp downloads/ubuntu-20.04.1-desktop-amd64.iso /dev/sdd
> and this also worked for me until now. It exits with end of file error,
> because the kit is shorter than /dev/sdd.
>
> Now, however, for the first time, there is a difference after install at
> byte 480, line 4.
>
> The kit has been created on a compromised system.
>
> However, I have doubts that it has been modified by malicious code.
>
> So I ran:
>
> # mount /dev/sdd1 mnt
> # mount -o loop ubuntu-20.04.1-desktop-amd64.iso mnt1
> # find mnt/ -exec bash -c 'file={}; cmp $file ${file/mnt/mnt1}' \; | grep
> differ
> and found no difference, only that cmp does not compare directories.
>
> # lsblk -fm /dev/sdd
> NAME FSTYPE LABEL UUID                                 FSAVAIL FSUSE%
> MOUNTPOINT  SIZE OWNER GROUP MODE
> sdd  iso966 Ubuntu 20.04.1 LTS amd64
> │                 2020-07-31-16-51-12-00
>         7,2G root  disk  brw-rw----
> ├─sdd1
> │    iso966 Ubuntu 20.04.1 LTS amd64
> │                 2020-07-31-16-51-12-00
>         2,6G root  disk  brw-rw----
> ├─sdd2
> │    vfat         C26E-047E
>        3,9M root  disk  brw-rw----
> └─sdd3
>      ext4   writable
>                   a83a9b1c-36cb-4312-9aba-0359f74c0374
>         4,7G root  disk  brw-rw----
>

This writable directory was created during installtion.


> What could be the cause? Should I worry about this?
>

No :)

Cheers,
mwh


> Also aked here:
> https://askubuntu.com/questions/1269405/installation-kit-modified-during-install-is-this-a-security-issue
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20200908/f3637718/attachment.html>

More information about the Ubuntu-devel-discuss mailing list