Ubuntu 20.04 is an incredibly popular operating system, perhaps the most popular among the Linux distributions due to its ease-of-use. In general, it’s a fairly trustworthy operating system too, especially since its source code is open. However, an update with the 20.04 revision has led to security researcher [Kevin Backhouse] finding a surprisingly easy way to escalate privileges on this OS, which we would like to note is not great.
The exploit involves two bugs, one in
accountservice daemon which handles user accounts on the computer, and another in the GNOME Display Manager which handles the login screen. Ubuntu 20.04 added some code to the daemon which looks at a specific file on the computer, and with a simple symlink, it can be tricked into reading a different file which locks the process into an infinite loop. The daemon also drops its privileges at one point in this process, a normal security precaution, but this allows the user to crash the daemon.
The second bug for this exploit involves how the GNOME Display Manager (gdm3) handles privileges. Normally it would not have administrator privileges, but if the
accountservice daemon isn’t running it escalates itself to administrator, where any changes made have administrator privileges. This provides an attacker with an opportunity to create a new user account with administrator privileges.
Of course, this being Ubuntu, we can assume that this vulnerability will be immediately patched. It’s also a good time to point out that the reason that open-source software is inherently more secure is that when anyone can see the source code, anyone can find and report issues like this which allow the software maintainer (or even the user themselves) to make effective changes more quickly.
Join us on Wednesday, July 22 at noon Pacific for the Ubuntu Update Hack Chat with Rhys Davies and Alan Pope!
Everyone has their favorite brands, covering everything from the clothes they wear to the cars they drive. We see brand loyalty informing all sorts of acquisition decisions, not only in regular consumer life but in technology, too. Brand decisions sort people into broad categories like Mac versus PC, or iPhone versus Android, and can result in spirited discussions of the relative merits of one choice over the others. It’s generally well-intentioned, even if it gets a bit personal sometimes.
Perhaps no choice is more personal in hacker circles than which Linux distribution to use. There are tons to choose from, each with their various features and particular pros and cons. Ubuntu has become a very popular choice for Linux aficionados, attracting more than a third of the market. Canonical is the company behind the Debian-based distro, providing editions that run on the desktop, on servers, and on a variety of IoT devices, as well as support and services for large-scale users.
To fill us in on what’s new in the world of Ubuntu, Canonical product manager Rhys Davies and developer advocate Alan Pope will stop by the Hack Chat this week. They’ll be ready to answer all your questions about the interesting stuff that’s going on with Ubuntu, including the recently announced Ubuntu Appliances, easy to install, low maintenance images for Raspberry Pis and PCs that are built for security and simplicity. We’ll also talk about snaps, desktops, and whatever else crops up.
Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 22 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about. Continue reading “Ubuntu Update Hack Chat”
If someone tells you they have seen a rotary engine, the chances are that you will immediately think of a Wankel engine, as you might find in some of the more exotic Mazda sports cars. But there is another rotary engine that has a prior claim to the name, and it can be found as the power unit for many early-twentieth-century aircraft. In these rotary engines the cylinders are arranged radially around a stationary crankshaft, and it is the engine itself that rotates. They have the advantage of extreme simplicity, smooth power, and a low parts count, at the expense of total loss lubrication, a relatively large rotating mass, and some difficulty in controlling their power. These rotary engines were largely obsolete by the 1920s, but recent upsurge of interest in WW1-era aircraft has led to the creation of a small demand for them. New Zealand based Classic Aero Machining Service have stepped in to fill that gap and are remanufacturing the Gnome radial engine, the most numerous design of that era.
For anyone with an interest in internal combustion engines, the Gnome is a fascinating study. It’s a nine-cylinder design that runs a four-stroke Otto cycle, but instead of the two or more valves you might be familiar with from your motor vehicle it has only a single valve. The so-called Monosoupape design uses its valve for both fuel and exhaust, opening it on the inlet stroke as well as the exhaust stroke. The simplicity of a single valve and no carburetor is thus offset by a difficulty in varying its power , so rotary engines would frequently reduce the number of firing cylinders in lieu of throttling back.
The CAMS Gnome is a faithful copy of the original, but with modern metallurgy and the addition of an electronic ignition system. The original castor oil is still used — it seems classic aviation buffs like the smell — but becuase it is notorious for leaving sticky deposits in the engine they are evaluating modern alternatives. They have some technical details on their website, and there’s a good chance you my hear one of their engines one day at an air show near you.
Continue reading “Remanufacturing A Rotary Airplane Engine”
In this video [Jack] will show you how to take a garden gnome and a solar light to create a FrankenGnome that is sure to creep out your friends and neighbors. This Hackaday original video is the first in a new series of videos that we will now be posting on a weekly basis.
You’ll notice a few symbols at the beginning of these videos. These symbols are there to help you understand what the video is all about. In the upper left corner, we have the skill level. These will range from 1 for very basic projects to 4 for highly advanced projects. The upper right corner breaks the video into two categories. The first category is ‘feature adding’. In these videos we will be taking off-the-shelf items and modifying them to do something new. The other category is ‘skill building’. In these, we will be exploring different topics in depth. At first, the skill building videos will be mostly about electronics and software. In the future when we have excavated more room in Hackaday Headquarters, located deep beneath a mountain in remote [REDACTED], we will start doing videos showing you topics with a more mechanical nature. The other icons represent the major skills involved in the project.
Check out the video after the break.
Continue reading “Video – Turning Good Gnomes Evil”