Comment 2 for bug 387734

rew (r-e-wolff) wrote :

Ehh. I just started an install. The default command line for X when the system is installed and up is

   /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7

so it doesn't listen for TCP connections on HOSTNAME:0.0. However, during the install it seems the "-nolisten tcp" isn't passed, so it does listen, and apparently the -auth is also left out, so clients can freely connect.

To reproduce I did the following.
Download jaunty install image (x86).
Add iso image to virtual box cdrom images.
Create a new Virtual box.
Attach cdrom image above.
Change network settings to HOST INTERFACE, chose pan0.
On host:
   ifconfig pan0 192.168.240.1

Add:
   subnet 192.168.240.0 netmask 255.255.255.0 {
     range 192.168.240.100 192.168.240.200;
     option routers 192.168.240.1;
   }
to /etc/dhcp3/dhcpd.conf

Start dhcpd.

(I enabled forwarding and NAT for the packets from pan0, on my host, to be able to verify networking on the installed systems, but I believe this is unnecessary to reproduce).

Next I started the VM.
I selected "install ubuntu".
I followed the install to the "WHO ARE YOU" screen. (I suspect a few steps earlier doesn't make a difference, but I made a typo so it didn't work in my test when I tried it in the earlier screen....).

I then did on the host:
  setenv DISPLAY 192.168.240.101:0.0
and
  xterm &

and got an xterm on my installing system. If this is the first box you're installing on vbox, its IP address is likely to be 192.168.240.100, so you'd have to change the display accordingly.

Note that I'm installing on a virtualbox now to allow me to reproduce it without having to halt/reboot/reinstall working machines. I noticed the problem on a real install on a real machine which is now back in service (i.e. no longer available for wiping the HD and reinstalling).

If you're trying to reproduce this problem on a real machine on a real network, you just have to make sure that dhcp is somehow running (usually already the case), and figure out the assigned IP address.

Note that for demonstration purposes I started an xterm. This just gives you a window on the host where you issued the xterm command, and not on the machine that is being installed. However, a keylogger could be started, and the contents of the "who are you" screen are very interesting, as they contain the login name of the root-user. The keylogger (if possible, I don't have one, but know they exist) would also capture the password. But even
   xwd | xwdtopnm > test.ppm
   gqview test.ppm

gives a nice screenshot of the machine being installed.
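
The check below is an added example, not part of the comment above or of Ubuntu's code: it audits an X server argument vector for the two options the report says were missing during install, "-nolisten tcp" and "-auth". The function names and the second sample command line are constructed for illustration; the installer's real arguments are not given in the report.

```python
import glob
import os

X_TCP_BASE_PORT = 6000  # display :N is served on TCP port 6000+N

def audit_x_argv(argv):
    """Report the exposure implied by an X server argument vector.
    Assumes, as in the report, a server that listens on TCP unless
    "-nolisten tcp" is passed."""
    display, nolisten_tcp, auth_file = 0, False, None
    i = 1
    while i < len(argv):
        arg = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        if arg.startswith(":") and arg[1:].isdigit():
            display = int(arg[1:])
        elif arg == "-nolisten" and nxt == "tcp":
            nolisten_tcp, i = True, i + 1
        elif arg == "-auth" and nxt is not None:
            auth_file, i = nxt, i + 1
        i += 1
    findings = []
    if not nolisten_tcp:
        findings.append("listens on TCP port %d" % (X_TCP_BASE_PORT + display))
    if auth_file is None:
        findings.append("no -auth cookie file configured")
    return {"display": display, "findings": findings}

def running_x_servers():
    """Yield (pid, argv) for processes named X or Xorg, read from Linux /proc."""
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                argv = fh.read().decode(errors="replace").split("\0")[:-1]
        except OSError:
            continue  # process exited or is not readable
        if argv and os.path.basename(argv[0]) in ("X", "Xorg"):
            yield int(path.split("/")[2]), argv

# The installed-system command line quoted in the report, then a constructed
# one with both options missing.
INSTALLED = "/usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7".split()
CONSTRUCTED_INSTALLER = "/usr/X11R6/bin/X :0 -br vt7".split()

if __name__ == "__main__":
    for pid, argv in running_x_servers():
        print(pid, audit_x_argv(argv))
```

Run on the machine being checked, it prints one line per running X server; an empty findings list corresponds to the installed-system command line quoted in the report.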