Software updater snuck in a package that is unwanted
Bret Busby
bret at busby.net
Tue Oct 17 16:54:15 UTC 2017
I have had to create this reply using the source code to the message to
which I am responding, as the message to whioch I am responding, is not
using plain text format, which is used by my email application, and,
thence, the message to which I am responding, appears as an attachment
to the reply that I am writing and posting.
On Tue, 17 Oct 2017, Oliver Grawert wrote:
> Return-Path: <ubuntu-users-bounces at lists.ubuntu.com>
> Delivered-To: bret at busby.net
> Received: from cp-41.webhostbox.net
> by cp-41.webhostbox.net (Dovecot) with LMTP id Eeb5KGgv5lkR5goAzadgaQ
> for <bret at busby.net>; Tue, 17 Oct 2017 16:27:20 +0000
> Return-path: <ubuntu-users-bounces at lists.ubuntu.com>
> Envelope-to: bret at busby.net
> Delivery-date: Tue, 17 Oct 2017 16:27:20 +0000
> Received: from huckleberry.canonical.com ([91.189.94.19]:53928)
> by cp-41.webhostbox.net with esmtp (Exim 4.89)
> (envelope-from <ubuntu-users-bounces at lists.ubuntu.com>)
> id 1e4Ui8-002zml-0y
> for bret at busby.net; Tue, 17 Oct 2017 16:27:20 +0000
> Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
> by huckleberry.canonical.com with esmtp (Exim 4.86_2)
> (envelope-from <ubuntu-users-bounces at lists.ubuntu.com>)
> id 1e4UhL-0001es-QC; Tue, 17 Oct 2017 16:26:31 +0000
> Received: from mail-wm0-f44.google.com ([74.125.82.44])
> by huckleberry.canonical.com with esmtps
> (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
> (envelope-from <oliver.grawert at GOOGLEMAIL.com>) id 1e4UhJ-0001dr-OJ
> for ubuntu-users at lists.ubuntu.com; Tue, 17 Oct 2017 16:26:29 +0000
> Received: by mail-wm0-f44.google.com with SMTP id q132so5078522wmd.2
> for <ubuntu-users at lists.ubuntu.com>; Tue, 17 Oct 2017 09:26:29 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=googlemail.com; s=20161025;
> h=sender:message-id:subject:from:to:date:in-reply-to:references
> :mime-version; bh=t2FZYW1WimLY03LoNVOUJZpLFtzcqZ3AP+2RaXSJRSs=;
> b=BEbnml/aekJduKVeMNqRkHIpvwgWCH/xhWObSTmwJy3OeBAFaK/75RYJ0Q/WltpAeL
> 9ujtyK3Kzl8A0mP4C7XTOM2u1Ii+KnIBjXgAInPsxoWb+XGroFjlCwAxsoqh/9lw3Tlz
> 1cgFdxRiz8CEg6f5vJmiECVbfN3Spf5Qtmio1Kqz++IJMeqIsLplFLj3UewidcPK57mY
> RDoGGpLlDyTm7k+QsKdDcw+fwsCSbRBFKSZunfsMMJiADbUm8TsVBsKmRedq5j9ky4Ad
> Da2KMRdl5CpCEsyrdwPxL9MUpFtpnCmG9Q3zju1DTes/lQ73nWwwCYb2f55yc6rwTAH6
> kX6A==
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=1e100.net; s=20161025;
> h=x-gm-message-state:sender:message-id:subject:from:to:date
> :in-reply-to:references:mime-version;
> bh=t2FZYW1WimLY03LoNVOUJZpLFtzcqZ3AP+2RaXSJRSs=;
> b=HzByEbKn+nUdy8MBauwB5kFwc2Oq0RvtzZZ6yBIi7MUb1kntWiTic/Lctl4lw8DX2t
> jQ8B5CoeyjliLg9gSuLNwq4WK8FC3Qg+cZWJzGNPOq0eP2cgBb9i0yke7ya17/g9ovTD
> /ToketRozHmnVoVtl30GDVZGSgSBOcH+I570UZSCVH1ayT/XmhknaQqcigm3EzYbAs52
> a20NqTwZbPZZYaS8NEovKzrgtEUcNXereGEf0xYJF3OaExtQY8D/JfVjBGUN43gIvpgY
> lAr+HLt94/sVxuwu96d0xdk8lc65yiv3T5g02HKehRDyY+pY19VVKmRzBw3bYiGcQoAz
> vfCQ==
> X-Gm-Message-State: AMCzsaU1bVZxFOGznYs5m2k3ZserWC+x86i/DkJ8gtT6W9Bkw6HJCAu/
> Uv3uxiThy8NmDPciQqO6M/bpGQ==
> X-Google-Smtp-Source:
> ABhQp+Rs14iJbk1hvMJE5HRm99kEac890DYGWExCExrVRROVMt+zE6MvUgcyuSUdleQHcbSGGO
> EE6Q==
> X-Received: by 10.28.16.209 with SMTP id 200mr4217275wmq.35.1508257589079;
> Tue, 17 Oct 2017 09:26:29 -0700 (PDT)
> Received: from styx (p5B26E1BA.dip0.t-ipconnect.de. [91.38.225.186])
> by smtp.googlemail.com with ESMTPSA id
> e77sm15495835wmi.16.2017.10.17.09.26.27
> for <ubuntu-users at lists.ubuntu.com>
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
> Tue, 17 Oct 2017 09:26:27 -0700 (PDT)
> Message-ID: <1508257583.4339.13.camel at ubuntu.com>
> Subject: Re: Software updater snuck in a package that is unwanted
> From: Oliver Grawert <ogra at ubuntu.com>
> To: ubuntu-users at lists.ubuntu.com
> Date: Tue, 17 Oct 2017 18:26:23 +0200
> In-Reply-To:
> <CACX6j8NGQyE5Eb2ytCj=Gu5tAmCf+XcYVW_9j7y5dWcfV3GUtw at mail.gmail.com>
> References:
> <CACX6j8PdJKgqZfWC2HifharckT2vKGmUQ36gkLdJ8dA+mBnqyw at mail.gmail.com>
> <1508235325.5783.66.camel at ubuntu.com>
> <CAL=0gLutSgkp3w0pxhikTp5D2q4PUQV5ynxzgKz0gT-jHGSzcw at mail.gmail.com>
> <1508249942.5783.72.camel at ubuntu.com>
> <CACX6j8NGQyE5Eb2ytCj=Gu5tAmCf+XcYVW_9j7y5dWcfV3GUtw at mail.gmail.com>
> X-Mailer: Evolution 3.18.5.2-0ubuntu3.2
> Mime-Version: 1.0
> X-BeenThere: ubuntu-users at lists.ubuntu.com
> X-Mailman-Version: 2.1.20
> Precedence: list
> List-Id: "Ubuntu user technical support,
> not for general discussions" <ubuntu-users.lists.ubuntu.com>
> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-users>,
> <mailto:ubuntu-users-request at lists.ubuntu.com?subject=unsubscribe>
> List-Archive: <https://lists.ubuntu.com/archives/ubuntu-users>
> List-Post: <mailto:ubuntu-users at lists.ubuntu.com>
> List-Help: <mailto:ubuntu-users-request at lists.ubuntu.com?subject=help>
> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>,
> <mailto:ubuntu-users-request at lists.ubuntu.com?subject=subscribe>
> Reply-To: "Ubuntu user technical support,
> not for general discussions" <ubuntu-users at lists.ubuntu.com>
> Content-Type: multipart/mixed; boundary="===============7947734441914702480=="
> Errors-To: ubuntu-users-bounces at lists.ubuntu.com
> Sender: "ubuntu-users" <ubuntu-users-bounces at lists.ubuntu.com>
> X-Authenticated_sender:
> X-Spam-Status: No, score=-4.5
> X-Spam-Score: -44
> X-Spam-Bar: ----
> X-Ham-Report: DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.8,
> RCVD_IN_SORBS_SPAM=0.5, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001,
> CMAE Analysis: v=2.2 cv=W/dIbVek c=1 sm=0 tr=0
> a=RSixXwIyTxLBnG4oXgjTAQ==:17 a=02M-m0pO-4AA:10 a=WiVod9pSvdkA:10
> a=e3ZuEKfNzSO8GI3mZr4A:9 a=QEXdDO2ut3YA:10 a=KzwPFWjq1abubmqm3bsA:9
> a=ONNS8QRKHyMA:10 a=rtTQXnqWFP_xIA3BAu0A:9
>
> * 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
> * See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> * for more information.
> * [URIs: ubuntu.com]
> * 0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
> * [74.125.82.44 listed in dnsbl.sorbs.net]
> * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
> * medium trust
> * [91.189.94.19 listed in list.dnswl.org]
> * -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
> * [91.189.94.19 listed in wl.mailspike.net]
> * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
> * valid
> * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
> X-Spam-Flag: NO
>
>
> --===============7947734441914702480==
> Content-Type: multipart/signed; micalg="pgp-sha512";
> protocol="application/pgp-signature"; boundary="=-wdquGcdH/RYBoUYk0Rnk"
>
>
> --=-wdquGcdH/RYBoUYk0Rnk
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> hi,
> Am Mittwoch, den 18.10.2017, 00:03 +0800 schrieb Bret Busby:
> > On 17/10/2017, Oliver Grawert <ogra at ubuntu.com> wrote:
> >=20
> > <snip>
> >=20
> > >=20
> > > =C2=A0you can easily remove the package)
> > ?
>
> ogra at styx:~$ sudo apt-get purge unattended-upgrades
> Reading package lists... Done
> Building dependency tree=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> Reading state information... Done
> The following packages will be REMOVED:
> =C2=A0 unattended-upgrades*
> 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
> After this operation, 315 kB disk space will be freed.
> Do you want to continue? [Y/n]=C2=A0
> ...
>
> (just press Y there)
>
>
"
:~$ sudo apt-get purge unattended-upgrades
[sudo] password for bret:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer
required:
libllvm3.8:i386 libllvm3.8 libudev1:i386 linux-headers-4.4.0-36
linux-headers-4.4.0-36-generic
linux-headers-4.4.0-38 linux-headers-4.4.0-38-generic
linux-headers-4.4.0-43 linux-headers-4.4.0-43-generic
linux-headers-4.4.0-45 linux-headers-4.4.0-45-generic
linux-headers-4.4.0-47 linux-headers-4.4.0-47-generic
linux-headers-4.4.0-51 linux-headers-4.4.0-51-generic
linux-headers-4.4.0-53 linux-headers-4.4.0-53-generic
linux-headers-4.4.0-57 linux-headers-4.4.0-57-generic
linux-headers-4.4.0-59 linux-headers-4.4.0-59-generic
linux-headers-4.4.0-62 linux-headers-4.4.0-62-generic
linux-headers-4.4.0-63 linux-headers-4.4.0-63-generic
linux-headers-4.4.0-64 linux-headers-4.4.0-64-generic
linux-headers-4.4.0-66 linux-headers-4.4.0-66-generic
linux-headers-4.4.0-72 linux-headers-4.4.0-72-generic
linux-headers-4.4.0-75 linux-headers-4.4.0-75-generic
linux-headers-4.4.0-77 linux-headers-4.4.0-77-generic
linux-headers-4.4.0-78 linux-headers-4.4.0-78-generic
linux-headers-4.4.0-79 linux-headers-4.4.0-79-generic
linux-headers-4.4.0-81 linux-headers-4.4.0-81-generic
linux-image-4.4.0-36-generic linux-image-4.4.0-38-generic
linux-image-4.4.0-43-generic
linux-image-4.4.0-45-generic linux-image-4.4.0-47-generic
linux-image-4.4.0-51-generic
linux-image-4.4.0-53-generic linux-image-4.4.0-57-generic
linux-image-4.4.0-59-generic
linux-image-4.4.0-62-generic linux-image-4.4.0-63-generic
linux-image-4.4.0-64-generic
linux-image-4.4.0-66-generic linux-image-4.4.0-72-generic
linux-image-4.4.0-75-generic
linux-image-4.4.0-77-generic linux-image-4.4.0-78-generic
linux-image-4.4.0-79-generic
linux-image-4.4.0-81-generic linux-image-extra-4.4.0-36-generic
linux-image-extra-4.4.0-38-generic
linux-image-extra-4.4.0-43-generic linux-image-extra-4.4.0-45-generic
linux-image-extra-4.4.0-47-generic
linux-image-extra-4.4.0-51-generic linux-image-extra-4.4.0-53-generic
linux-image-extra-4.4.0-57-generic
linux-image-extra-4.4.0-59-generic linux-image-extra-4.4.0-62-generic
linux-image-extra-4.4.0-63-generic
linux-image-extra-4.4.0-64-generic linux-image-extra-4.4.0-66-generic
linux-image-extra-4.4.0-72-generic
linux-image-extra-4.4.0-75-generic linux-image-extra-4.4.0-77-generic
linux-image-extra-4.4.0-78-generic
linux-image-extra-4.4.0-79-generic linux-image-extra-4.4.0-81-generic
snap-confine ubuntu-core-launcher
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
ubuntu-mate-core* ubuntu-mate-desktop* unattended-upgrades*
0 to upgrade, 0 to newly install, 3 to remove and 0 not to upgrade.
After this operation, 348 kB disk space will be freed.
Do you want to continue? [Y/n]
"
Therein lies the rub.
To remove the package;
:~$ sudo apt-get purge unattended-upgrades
requires the removal of the user interface.
That is why I regard the package as a trojan.
It can not be simply and easily and cleanly, removed.
Its design hooks it into other packages, to prevent its removal.
It is like a cancer with secondaries in the brain - attempts to remove,
simply aggravate the damage.
--
Bret Busby
Armadale
West Australia
..............
"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992
....................................................
More information about the ubuntu-users
mailing list