ISO is great at keeping things immutable - most OSes auto-mount inserted USB sticks r/w by default, so your ext4 USB rescue stick can be broken by one accidental mouse drag, or by a typo in "rm" command. And even if you fix one OS to not mount it r/w, it will still happen if you insert into your friend's PC.
On the other hand, ISO is guaranteed to be immutable, you need some real effort to break it.
Immutability is not a property of the ISO file (system) format, it's a property of having it live on an optical disc.
But most computers these days don't have drives for optical discs, and if your ISO is merely a file on a USB stick, then it can be broken just as easily.
Maybe in theory, but not in practice. Because no ISO fs implementation has support for writing to a mounted image.
I'd argue that even in theory the immutability is kind of a property of the image format, since it doesn't have file or free space fragmentation. So whenever a file grows or shrinks you have to regenerate the entire image.
This is not true, ISO9660 was designed to be a read-only filesystem: it has no concept of slack space nor sectors in the traditional sense. Every file and directory entry on ISO9660 consists of a single extent (contiguous number of sectors). If your file or directory entry needs to grow beyond its current size, you must create a new copy of the entire entry and append it to the image.
The only writable filesystems that use the same allocation strategy are log-based flash filesystems, but they also have support for quickly scanning the filesystem to get the most recent snapshot state. Again, ISO9660 does not have that because it was not designed to be writable.
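The single-extent layout described in the comment above, as an added example that is not part of the original thread: a minimal Python reader that walks the root directory of an ISO9660 image and returns the one (start sector, byte length) pair stored in each directory record. The image is a constructed in-memory sample, and `dir_record`, `build_sample_image` and `list_extents` are hypothetical helper names.

```python
import struct

SECTOR = 2048  # ISO9660 logical sector size

def dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Build one directory record (used only to construct the sample image)."""
    pad = b"" if len(name) % 2 else b"\x00"           # records have even length
    body = (struct.pack("<I", lba) + struct.pack(">I", lba)      # extent start
            + struct.pack("<I", size) + struct.pack(">I", size)  # data length
            + bytes(7)                                # recording date (zeroed)
            + bytes([2 if is_dir else 0, 0, 0])       # flags, unit size, gap
            + struct.pack("<H", 1) + struct.pack(">H", 1)        # volume seq no.
            + bytes([len(name)]) + name + pad)
    return bytes([len(body) + 2, 0]) + body

def build_sample_image() -> bytes:
    """Constructed 20-sector image: PVD at 16, root dir at 18, one file at 19."""
    root_self = dir_record(b"\x00", 18, SECTOR, True)
    root = (root_self + dir_record(b"\x01", 18, SECTOR, True)
            + dir_record(b"RESCUE.TXT;1", 19, 11, False))
    img = bytearray(20 * SECTOR)
    img[16 * SECTOR:16 * SECTOR + 7] = b"\x01CD001\x01"   # primary volume descriptor
    img[16 * SECTOR + 156:16 * SECTOR + 190] = root_self   # root record inside PVD
    img[17 * SECTOR:17 * SECTOR + 7] = b"\xffCD001\x01"   # descriptor set terminator
    img[18 * SECTOR:18 * SECTOR + len(root)] = root
    img[19 * SECTOR:19 * SECTOR + 11] = b"hello world"
    return bytes(img)

def list_extents(img: bytes):
    """Return (name, first_sector, byte_length) for each root directory entry."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("no ISO9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 158)[0]
    root_len = struct.unpack_from("<I", pvd, 166)[0]
    data = img[root_lba * SECTOR:root_lba * SECTOR + root_len]
    out, pos = [], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:            # records never span sectors; jump to the next
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        lba = struct.unpack_from("<I", data, pos + 2)[0]
        size = struct.unpack_from("<I", data, pos + 10)[0]
        name = data[pos + 33:pos + 33 + data[pos + 32]]
        if name not in (b"\x00", b"\x01"):   # skip the "." and ".." records
            out.append((name.decode("ascii"), lba, size))
        pos += rec_len
    return out
```

Each record carries a single start sector and length, so the file's bytes are simply `img[lba * SECTOR : lba * SECTOR + size]`, with no allocation table to consult.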
The point is that an ISO image is just a file, and if that file is on a USB stick, it can be accidentally overwritten or deleted, same as any other file.
And if someone really wanted to (in a black hat scenario), it would absolutely be possible to rewrite an ISO image on the fly to modify individual files.
No, once written to USB stick, ISO image is not a file anymore, it is a sequence of blocks outside of any filesystem. This means you need to use special raw disk tools (like dd) to modify it, and you can no longer operate on it using file managers, "ls", "mv", "rm" and all the related stuff.
You are correct that in black hat scenario, one could rewrite ISO image on the fly - after all, that's what I do when I upgrade my bootable USB stick to latest version.
But while ISOs are not perfect protection against malware, they are _great_ against accidental modification. On my PC, when I insert USB stick, the window pops up right away, and it takes 1 (one) mouse drag to make drive unbootable. No such problem exists with ISO images.