Re: Embarrassing security bug in systemd
- Date: Wed, 6 Dec 2017 17:35:18 -0500
- From: Michael Stone <mstone@xxxxxxxxxx>
- Subject: Re: Embarrassing security bug in systemd
On Wed, Dec 06, 2017 at 10:52:17PM +0100, Urs Thuermann wrote:
Yesterday, my 10 years old son logged into my laptop running Debian
jessie using his account, and curiously asked if he is allowed to try
the /sbin/reboot command. Knowing I have a Linux system as opposed to
some crappy Win machine, I replied "sure, go ahead and try". Seconds
later I was completely shocked when the machine actually rebooted...
It's a feature. Users at the console can reboot, on the theory that if
someone's sitting at the laptop they could also just push the power
If they were logged in remotely, they would not be able to reboot.