touch-packages team mailing list archive

Thread
Date

[Bug 1518785] Re: Root-owned files being overwritten with HTML by unknown program.

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Wed, 25 Nov 2015 17:58:22 -0000
Reply-to: Bug 1518785 <1518785@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public

** Package changed: ubuntu => apt (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1518785

Title:
  Root-owned files being overwritten with HTML by unknown program.

Status in apt package in Ubuntu:
  New

Bug description:
  On my wife's laptop running  Trusty, patched to approximately a week ago, all of the
  /var/lib/apt/lists/*i18n_Translation_en* files were trashed by being overwritten by
  an HTML file from OMNI Hotels (first few lines pasted below).    We had looked at the 
  hotel network signup page using Firefox but decided against paying for the hotel net,

  The ownership,group for the overwritten files  was still root,root and
  writeable only by owner.

  The overwriting of these files his broke updates.  Moving these HTML files into
  a "jail" directory and running "apt-get update; apt-get upgrade" seems to have
  gotten updating working again.

  I have not found any other overwritten files, or other damage,  yet.

  This seems to have been  benign but annoying, but it's unsettling to see root files overwritten
  by a hotel network login like this.

  First few lines of the HTML file.  the latter part has "terms and
  conditions, etc.":

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd";>
  <HTML>
  <HEAD>
    <title>Omni Hotels</title>
     <meta http-equiv="X-UA-Compatible" content="IE=7,IE=9" >
     <link rel="stylesheet" type="text/css" href="https://nomadix.omnihotels.com/css/nomadix/bootstrap_MPY_v1.css"; />
     <link rel="stylesheet" type="text/css" href="https://nomadix.omnihotels.com/css/nomadix/common.css"; />
     <link rel="stylesheet" type="text/css" href="https://nomadix.omnihotels.com/css/nomadix/custom.css"; />

     <script language="javascript" src="https://nomadix.omnihotels.com/js/nomadix/nomadix.js";></script>
     <script language="javascript" src="https://nomadix.omnihotels.com/js/jquery-1.11.1.min.js";></script>
     <script language="javascript" src="https://nomadix.omnihotels.com/js/jquery-ui-1.8.16.custom.min.js";></script>
     <script language="javascript" src="https://nomadix.omnihotels.com/js/bootstrap-3.2.min.js";></script>

  
  (I've saved the full content of these files for possible later analysis.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1518785/+subscriptions