Re: Embarrassing security bug in systemd

On 07/12/17 10:52, Urs Thuermann wrote:
Yesterday, my 10-year-old son logged into my laptop running Debian
jessie using his account, and curiously asked if he is allowed to try
the /sbin/reboot command.  Knowing I have a Linux system as opposed to
some crappy Win machine, I replied "sure, go ahead and try".  Seconds
later I was completely shocked when the machine actually rebooted...

I think that allowing a user logged in at the console to reboot the system is the correct behaviour for most desktops, whether via GUI or terminal. Special privileges have been granted to console users for as long as I can remember, long before systemd, because they have physical access to the machine. Console users typically are also permitted to mount, unmount, and eject removable media, and have access to audio devices. Special configuration is required to remove this functionality on kiosks, for example.

Please ask your son to try to reboot while logged in remotely with ssh (loopback may be equivalent). I know that my local desktop permits passwordless shutdown while remote shutdown on another systemd machine requires a user password *and* that the user be in sudoers.
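The local-versus-remote distinction the reply describes is decided by polkit, which is what logind asks before honouring a reboot request. The following is an added example, not code from this thread or from systemd or polkit: a rule of the kind installed under /etc/polkit-1/rules.d/ (the file name 50-restrict-reboot.rules is a made-up choice) that withdraws the console privilege for reboot and power-off, so an active local session must authenticate as an administrator and a remote (ssh) session is refused outright. Real polkitd supplies the `polkit` object and the `action`/`subject` arguments; the small stub engine and the `stockDecision` approximation of the shipped login1 defaults are assumptions written only so the file runs offline and the two cases can be compared.

```javascript
// Added example, not from this thread: a polkit rule that withdraws the
// console privilege for reboot/power-off. Real polkitd supplies `polkit`,
// `action` and `subject`; the stub engine below only exists so this file
// runs offline and the decisions can be checked.

// ---- stand-in for polkitd's rule engine (assumption: NOT the real thing) ----
const polkit = {
  Result: {
    YES: "yes",
    NO: "no",
    AUTH_ADMIN: "auth_admin",
    AUTH_ADMIN_KEEP: "auth_admin_keep",
    NOT_HANDLED: "not_handled",
  },
  _rules: [],
  addRule(fn) {
    this._rules.push(fn);
  },
};

// Approximation (assumption, written from memory rather than read from the
// .policy file) of the implicit authorizations login1 ships for reboot and
// power-off: active local console session -> allowed outright, anything
// else -> admin password, remembered for a while. This is the behaviour the
// original post observed.
function stockDecision(subject) {
  return subject.local && subject.active
    ? polkit.Result.YES
    : polkit.Result.AUTH_ADMIN_KEEP;
}

// Rules are consulted in order; the first one returning something other than
// NOT_HANDLED/undefined wins, otherwise the stock policy applies.
function decide(actionId, subject) {
  const action = { id: actionId };
  for (const rule of polkit._rules) {
    const r = rule(action, subject);
    if (r !== undefined && r !== polkit.Result.NOT_HANDLED) return r;
  }
  return stockDecision(subject);
}

// ---- the rule itself, as it would appear in 50-restrict-reboot.rules ----
const POWER_ACTIONS = new Set([
  "org.freedesktop.login1.reboot",
  "org.freedesktop.login1.reboot-multiple-sessions",
  "org.freedesktop.login1.power-off",
  "org.freedesktop.login1.power-off-multiple-sessions",
]);

polkit.addRule(function (action, subject) {
  if (!POWER_ACTIONS.has(action.id)) {
    return polkit.Result.NOT_HANDLED; // leave unrelated actions to other rules
  }
  if (!subject.local) {
    return polkit.Result.NO; // ssh and other remote sessions: refuse
  }
  return polkit.Result.AUTH_ADMIN; // console users: ask for an admin password
});

// Constructed sessions standing in for the two experiments the reply suggests.
const consoleSession = { local: true, active: true, user: "child" };
const sshSession = { local: false, active: true, user: "child" };

console.log("stock, console:", stockDecision(consoleSession)); // yes
console.log("stock, ssh:", stockDecision(sshSession)); // auth_admin_keep
console.log("rule, console:", decide("org.freedesktop.login1.reboot", consoleSession)); // auth_admin
console.log("rule, ssh:", decide("org.freedesktop.login1.reboot", sshSession)); // no
```

On a real machine the same comparison is made with `pkcheck --action-id org.freedesktop.login1.reboot --process $$`, run once from a console login and once from an ssh login; the rule above is what a kiosk or shared desktop would drop into rules.d to turn the console's "yes" into a password prompt.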

