From: monty@roscom.com   
      
   How to get root on Ubuntu 20.04 by pretending nobody's /home   
      
   By Kevin Backhouse   
      
   ...   
      
   This blog post is about an astonishingly straightforward way to   
   escalate privileges on Ubuntu. With a few simple commands in the   
   terminal, and a few mouse clicks, a standard user can create an   
   administrator account for themselves. I have made a short demo video,   
   to show how easy it is.   
      
   It's unusual for a vulnerability on a modern operating system to be   
   this easy to exploit. I have, on some occasions, written thousands of   
   lines of code to exploit a vulnerability. Most modern exploits involve   
   complicated trickery, like using a memory corruption vulnerability to   
   forge fake objects in the heap, or replacing a file with a symlink   
   with microsecond accuracy to exploit a TOCTOU vulnerability. So these   
   days it's relatively rare to find a vulnerability that doesn't require   
   coding skills to exploit. I also think the vulnerability is easy to   
   understand, even if you have no prior knowledge of how Ubuntu works or   
   any security research experience.   
      
   ...   
      
   https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)