Re: Embarrassing security bug in systemd
- Date: Thu, 7 Dec 2017 11:26:45 +1300
- From: Ben Caradoc-Davies <ben@xxxxxxxxxxxx>

On 07/12/17 10:52, Urs Thuermann wrote:
> Yesterday, my 10-year-old son logged into my laptop running Debian
> jessie using his account, and curiously asked if he is allowed to try
> the /sbin/reboot command. Knowing I have a Linux system as opposed to
> some crappy Win machine, I replied "sure, go ahead and try". Seconds
> later I was completely shocked when the machine actually rebooted...

I think that allowing a user logged in at the console to reboot the
system is the correct behaviour for most desktops, whether via GUI or
terminal. Special privileges have been granted to console users for as
long as I can remember, long before systemd, because they have physical
access to the machine. Console users typically are also permitted to
mount, unmount, and eject removable media, and have access to audio
devices. Special configuration is required to remove this functionality
on kiosks, for example.

Please ask your son to try to reboot while logged in remotely with ssh
(loopback may be equivalent). I know that my local desktop permits
passwordless shutdown while remote shutdown on another systemd machine
requires a user password *and* that the user be in sudoers.

Ben Caradoc-Davies <ben@xxxxxxxxxxxx>
Transient Software Limited <https://transient.nz/>