[nmglug] Ubuntu 20.04 security hole

Ted Pomeroy ted.pome at gmail.com
Wed Nov 18 08:41:57 PST 2020

NMGLUGers, I recently removed a GUI menu item and 'ubiquity' from my
Xubuntu 20.04. The menu item was a link to run ubiquity to 'Install system
to hard drive.' I had already done the installation of course. The Menu was
easy to edit, but I wondered why the system installer was still available,
in the past it was removed in the "clean up" process as the installation
winds up. So, I have purged 'ubiquity' as a precaution. I will have to
research to see if "first run" can be repeated without 'ubiquity'
installed. This also reminds me of a vulnerability in certain OSX systems
where the "First Run" could be induced to set  new passwords. See for
There are easier ways to gain control of hardware in your possession, or
simply fix a lost password problem. Still this is an interesting situation.
Thank you, Ted P.

On Tue, Nov 17, 2020 at 10:55 AM Ted Pomeroy <ted.pome at gmail.com> wrote:

> A "thank you" to Harold for this notice and analysis. This is something to
> keep in mind. Ubuntu users, like myself, need to stay mindful about the
> intricacy of software. Ted P.
> On Mon, Nov 16, 2020, 7:01 PM Harold Furbiter <wwcorigan at mail.com> wrote:
>> Hi all,
>> Came across this article and thought it may be of interest to the group
>> or anyone who is using Ubuntu 20.04 or Gnome.
>> Cheers,
>> https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
>> _______________________________________________
>> nmglug mailing list
>> nmglug at lists.nmglug.org
>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20201118/7fd8754a/attachment.html>

More information about the nmglug mailing list