Several sites are covering an incident affecting Raspberry Pi OS deployments since last week. Quietly, without disclosure or warning, a package added a Microsoft repository and OpenPGP key to the system. The latter effectively gives the former full root access, in principle, to the whole system. The former checks in with Microsoft's servers any time APT refreshes its cache.
$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
How to know if you're affected/infected already:
$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main
Issue has been taken with both what has been done and how it has been deployed. The official explanation is, for now, that resource hog Visual Studio was to be made available by default on the Raspberry Pi for development for their first entry into microcontrollers, the Raspberry Pi Pico. This is in spite of the established presence of many lightweight editors and IDEs alredy[sic] available through vetted repositories. Not to mention the package could have been added to the established, vetted repositories. Threads on the topic over at the Raspberry Pi Forum are quickly locked by moderators and then deleted.
(Score: 2) by Tokolosh on Friday February 05 2021, @11:30PM (3 children)
Thank you very much. I ran your commands, see below. My understanding is that I have created an immutable microsoft gpg file, which prevents their repo being added.
pi@raspberrypi:~ $ sudo rm /etc/apt/sources.list.d/vscode.list
rm: cannot remove '/etc/apt/sources.list.d/vscode.list': No such file or directory
pi@raspberrypi:~ $ sudo rm /etc/apt/sources.list.d/vscode.list
rm: cannot remove '/etc/apt/sources.list.d/vscode.list': No such file or directory
pi@raspberrypi:~ $ sudo chmod 444 /etc/apt/sources.list.d/vscode.list
chmod: cannot access '/etc/apt/sources.list.d/vscode.list': No such file or directory
pi@raspberrypi:~ $ sudo chattr +i /etc/apt/sources.list.d/vscode.list
chattr: No such file or directory while trying to stat /etc/apt/sources.list.d/vscode.list
pi@raspberrypi:~ $ sudo rm /etc/apt/trusted.gpg.d/microsoft.gpg
rm: cannot remove '/etc/apt/trusted.gpg.d/microsoft.gpg': No such file or directory
pi@raspberrypi:~ $ sudo touch /etc/apt/trusted.gpg.d/microsoft.gpg
pi@raspberrypi:~ $ sudo chmod 444 /etc/apt/trusted.gpg.d/microsoft.gpg
pi@raspberrypi:~ $ sudo chattr +i /etc/apt/trusted.gpg.d/microsoft.gpg
(Score: 3, Informative) by MadTinfoilHatter on Saturday February 06 2021, @04:26AM (1 child)
The idea was to create immutable versions of empty (and therefore harmless) versions of microsoft.gpg and vscode.list so that any process that tries to add or modify these files will fail.
However here you went wrong. You copy-pasted the rm command twice, and missed the touch command, causing the last two commands to also have no effect. You should repeat the whole procedure (including rm) for vscode.list just to be safe. The only command that should possibly fail with an error message is the rm one (if you weren't infected when running the commands). The rest should go through with no comment as was the case for microsoft.gpg.
(Score: 2) by Tokolosh on Saturday February 06 2021, @02:34PM
Thanks, and to unauthorized, too, for spotting my mistake.
(Score: 3, Informative) by unauthorized on Saturday February 06 2021, @05:23AM
Your understanding is correct but your second command is wrong, you did rm (remove file) twice instead of using touch to create a blank file. Redo the first set of four commands and you'll be good. Only the first one should yield a "no such file" error.
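An added example, not from the story or from any commenter: a shell audit of the two files the workaround in this thread targets, reporting whether each is missing, active, or an empty placeholder carrying the immutable flag. The function names and the root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the two files the thread's workaround is about.
# ROOT is a hypothetical prefix argument so the check can be run against
# the live system ("/") or against a copied or constructed tree.

# Print one state for a single file:
#   missing          - nothing there; a package is free to create it
#   active           - file has content (repository or key is configured)
#   empty-mutable    - empty placeholder, but not confirmed immutable
#   empty-immutable  - empty placeholder with the chattr +i flag set
file_state() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return; fi
    if [ -s "$f" ]; then echo active; return; fi
    # lsattr prints "<flags> <path>". It can fail on filesystems without
    # attribute support; that case is treated as "not confirmed immutable".
    flags=$(lsattr -d "$f" 2>/dev/null | cut -d' ' -f1)
    case $flags in
        *i*) echo empty-immutable ;;
        *)   echo empty-mutable ;;
    esac
}

# Report both files; return 0 only if both are empty and immutable.
check_apt_block() {
    root=${1:-}
    rc=0
    for rel in etc/apt/sources.list.d/vscode.list \
               etc/apt/trusted.gpg.d/microsoft.gpg; do
        state=$(file_state "$root/$rel")
        echo "/$rel: $state"
        [ "$state" = empty-immutable ] || rc=1
    done
    return $rc
}

# Runs only when a root is given, e.g.:  sh audit.sh /
if [ $# -gt 0 ]; then
    check_apt_block "${1%/}"
fi
```

On a system in the state shown in Tokolosh's transcript, this reports vscode.list as missing and exits non-zero, which is the gap the two replies point out.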