Always pick a winner: Big security hole discovered in Ubuntu, page 1 - Forum

dnovraD Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

dnovraD

2023-08-14: Remember the Spaces!

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jul 2012

From United States

Posted November 11, 2020

1

See, I've grown less and less fond of Ubuntu as time has gone onward and incidents like this just don't help things.

TL;DR: Big ole custom patch in GDM allows root access to systems.

osm Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

osm

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2013

From Russian Federation

Posted November 11, 2020

2

Darvond: See, I've grown less and less fond of Ubuntu as time has gone onward and incidents like this just don't help things.

TL;DR: Big ole custom patch in GDM allows root access to systems.

Afraid your girlfriend will p0wn your rig while you're away?
SHOCK! HORROR! Another exploit that in no (realistic) way affects desktop users (and probably most corporate ones as well).

Post edited November 11, 2020 by osm

osm Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

osm

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2013

From Russian Federation

Posted November 11, 2020

3

I'll quote a very sensible remark from the original article:
I have recently spent quite a bit of time looking for security vulnerabilities in Ubuntu’s system services, and it has mostly been an exercise in frustration. I have found (and reported) a few issues, but the majority have been low severity. Ubuntu is open source, which means that many people have looked at the source code before me, and it seems like all the easy bugs have already been found.

Also from it:
Exploitation steps
First, open a terminal

lol. enjoy your sad sensationalism

clarry

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Feb 2014

From Other

Posted November 11, 2020

4

Hot take: policykit/polkit should've never existed. (Same for gdm and all this other garbage though, bloat designed by and for windows/mac lovers)

Just a couple weeks ago I was thinking of switching to a different distro because I don't want to see polkit (and other nonsense) on my system. Still haven't made up my mind. I feel like nobody's making distros with good taste, maybe I have to roll my own.

And what the actual heck? Polkit depends on.. mozjs! So some webshit can configure their sudo-for-systemd in javascript. Goodness gracious, I don't want to have anything to do with modern linux desktops.

Post edited November 11, 2020 by clarry

illiousintahl Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

illiousintahl

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Apr 2010

From Australia

Posted November 11, 2020

5

Is mint a derivative? Does it effect derivatives?

P-E-S Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

P-E-S

I like games

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2008

From United States

Posted November 11, 2020

6

clarry: for windows lovers

*humps his gaming rig* Yeah, baby! =P

Honestly, people like me who have absolutely no problems with Win10/macOS probably don't give two shits about what's happening in Linux-land. *shrug* Really odd comment to make.

Post edited November 11, 2020 by Mr.Mumbles

Lord_Kane Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Lord_Kane

Leaf Kaigai Nikki

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Mar 2009

From Canada

Posted November 11, 2020

7

clarry: for windows lovers

Mr.Mumbles: *humps his gaming rig* Yeah, baby! =P

Honestly, people like me who have absolutely no problems with Win10/macOS probably don't give two shits about what's happening in Linux-land. *shrug* Really odd comment to make.

ewwwww clean up

timppu Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

timppu

Favorite race: Formula__One

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jun 2011

From Finland

Posted November 11, 2020

8

I used to be a big-time Windows 3.1 hacker (or was it 3.11, not quite sure).

When my friend's Windows 3.1 computer screen saver was running, I moved the mouse so that the password window popped up, and then I dragged that password window to the very bottom right corner of the screen so that only one pixel was visible from the window, at the very bottom right corner.

Then when my friend came to his computer and moved the mouse in order to see the password prompt screen, he saw nothing as it was hidden almost completely outside the screen.

He was like WTF and I was like LOL.

Post edited November 11, 2020 by timppu

VanishedOne Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

VanishedOne

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Dec 2012

From United Kingdom

Posted November 11, 2020

9

MaceyNeil: Is mint a derivative? Does it effect derivatives?

On my Mint/Cinnamon machine, the gdm3 package isn't installed.

Maighstir Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Maighstir

THIS KNIGHT MISLIKES THESE HEIGHTS

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2008

From Sweden

Posted November 11, 2020

10

timppu: I used to be a big-time Windows 3.1 hacker (or was it 3.11, not quite sure).

When my friend's Windows 3.1 computer screen saver was running, I moved the mouse so that the password window popped up, and then I dragged that password window to the very bottom right corner of the screen so that only one pixel was visible from the window, at the very bottom right corner.

Then when my friend came to his computer and moved the mouse in order to see the password prompt screen, he saw nothing as it was hidden almost completely outside the screen.

He was like WTF and I was like LOL.

On the other hand, Windows 3.1 and Mac OS <= 9 are probably among the safest systems you can use today. While they have no concept of security whatsoever, it's also the case that no one writing exploits target them.

Post edited November 11, 2020 by Maighstir

dnovraD Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

dnovraD

2023-08-14: Remember the Spaces!

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jul 2012

From United States

Posted November 11, 2020

11

MaceyNeil: Is mint a derivative? Does it effect derivatives?

I like to explain it like this: Ubuntu is the leftovers of Debian LTS and Mint is the table scraps of Ubuntu LTS.

So yes, unless you do the sensible thing and toss out GDM.

Post edited November 11, 2020 by Darvond

ZFR Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

ZFR

I love gold!

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jan 2010

From Ireland

Posted November 11, 2020

12

Maighstir: it's also the case that no one writing exploits target them.

Have you not read timppu's post?

dnovraD Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

dnovraD

2023-08-14: Remember the Spaces!

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jul 2012

From United States

Posted November 11, 2020

13

timppu: I used to be a big-time Windows 3.1 hacker (or was it 3.11, not quite sure).

When my friend's Windows 3.1 computer screen saver was running, I moved the mouse so that the password window popped up, and then I dragged that password window to the very bottom right corner of the screen so that only one pixel was visible from the window, at the very bottom right corner.

Then when my friend came to his computer and moved the mouse in order to see the password prompt screen, he saw nothing as it was hidden almost completely outside the screen.

He was like WTF and I was like LOL.

Actually, that does remind me of how Windows versions up to XP had paperweight security, you could just spawn an explorer or any similar number of things to get past a login prompt.

timppu Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

timppu

Favorite race: Formula__One

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jun 2011

From Finland

Posted November 12, 2020

14

Maighstir: it's also the case that no one writing exploits target them.

ZFR: Have you not read timppu's post?

Who cares? Even I don't read my own posts.

Maighstir Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Maighstir

THIS KNIGHT MISLIKES THESE HEIGHTS

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2008

From Sweden

Posted November 12, 2020

15

Maighstir: it's also the case that no one writing exploits target them.

ZFR: Have you not read timppu's post?

I did. Any password screen in those days was pretty much a smoke screen, easier to bypass by not typing the password than actually doing so.

Discover CD PROJEKT RED games

Highlights

Featured