Web lists-archives.com

Re: Embarrassing security bug in systemd




Am 06.12.2017 um 23:53 schrieb Michael Lange:
> Hi,
> 
> uh, I guess you ought to have used your time to check your machine and
> read some docs instead of figuring out how to best insult the debian
> developers ;)
> (scnr)
> 
> On 06 Dec 2017 22:52:17 +0100
> Urs Thuermann <urs@xxxxxxxxxxxxxxxxx> wrote:
> 
> (...)
>> I wonder how can such a severe bug make it into a Debian stable
>> distribution?  And is this just an insane default setting on Debian's
>> side or is it yet another instance of brain-dead systemd behavior?
> 
> Maybe I am just a brain-dead loony, but personally I prefer to be able to
> shut down or reboot my system without having to type a password. If you
> do not like this behavior you might have to learn how to define
> polkit rules.

For the interested reader, see
/usr/share/polkit-1/actions/org.freedesktop.login1.policy

org.freedesktop.login1.power-off has the following defaults

    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>

As has already been mentioned, active, local users can shutdown/reboot
the system without requiring a password. This is intended behaviour (for
the reasons already mentioned) and can indeed be overridden by custom
polkit rules.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature