Re: Embarrassing security bug in systemd
- Date: Wed, 6 Dec 2017 18:56:12 -0500
- From: Michael Stone <mstone@xxxxxxxxxx>
- Subject: Re: Embarrassing security bug in systemd
On Wed, Dec 06, 2017 at 03:25:10PM -0800, James H. H. Lampert wrote:
Now, now, you walk up to the physical console on an AS/400, you're not
going to be able to do a PWRDWNSYS from a sign-on screen, nor can do
it if signed on as a user who doesn't have sufficient authority to do
a PWRDWNSYS. And you might be physically locked out of the front
panel. It's even possible that you might be physically interdicted
from unplugging the box, or shutting it down from the circuit breaker
Not every OS assumes by default that anybody with physical access to
the hardware also has the authority to shut it down.
In the extremely unlikely event that you have your debian system
configured with that level of physical access control, you can adjust
the power/reboot permissions to suit your preferences. For most other
users, the defaults are reasonable.
The main realistic use case of a different default is kiosk systems,
where changing the privileges given to locally logged in users is just
one of the steps that should be taken. In general, defaults are chosen
to be useful for the largest set of users.
Side note: historically, people have always wanted to be able to reboot
or shutdown the system they were sitting in front of. This led to a lot
of really horrible solutions, like a bunch of setuid helper programs and
one-off site specific hacks. Having this functionality standardized in
one place is a net win for security, especially since there's also now a
single standarized way to change the privileges.