[nmglug] Ubuntu 20.04 security hole
Ted Pomeroy
ted.pome at gmail.com
Wed Nov 18 08:41:57 PST 2020
NMGLUGers, I recently removed a GUI menu item and 'ubiquity' from my
Xubuntu 20.04. The menu item was a link to run ubiquity to 'Install system
to hard drive.' I had already done the installation of course. The Menu was
easy to edit, but I wondered why the system installer was still available,
in the past it was removed in the "clean up" process as the installation
winds up. So, I have purged 'ubiquity' as a precaution. I will have to
research to see if "first run" can be repeated without 'ubiquity'
installed. This also reminds me of a vulnerability in certain OSX systems
where the "First Run" could be induced to set new passwords. See for
example:
http://www.theinstructional.com/guides/how-to-re-run-the-os-x-setup-assistant
There are easier ways to gain control of hardware in your possession, or
simply fix a lost password problem. Still this is an interesting situation.
Thank you, Ted P.
On Tue, Nov 17, 2020 at 10:55 AM Ted Pomeroy <ted.pome at gmail.com> wrote:
> A "thank you" to Harold for this notice and analysis. This is something to
> keep in mind. Ubuntu users, like myself, need to stay mindful about the
> intricacy of software. Ted P.
>
> On Mon, Nov 16, 2020, 7:01 PM Harold Furbiter <wwcorigan at mail.com> wrote:
>
>> Hi all,
>>
>> Came across this article and thought it may be of interest to the group
>> or anyone who is using Ubuntu 20.04 or Gnome.
>>
>> Cheers,
>>
>> https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
>>
>> _______________________________________________
>> nmglug mailing list
>> nmglug at lists.nmglug.org
>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20201118/7fd8754a/attachment.html>
More information about the nmglug
mailing list