Web lists-archives.com

Re: Embarrassing security bug in systemd




On Wed 06 Dec 2017 at 15:25:10 (-0800), James H. H. Lampert wrote:
> On 12/6/17, 2:53 PM, Michael Lange wrote:
> >uh, I guess you ought to have used your time to check your machine and
> >read some docs instead of figuring out how to best insult the debian
> >developers ;)
> >(scnr)
> 
> Now, now, you walk up to the physical console on an AS/400, you're
> not going to be able to do a PWRDWNSYS from a sign-on screen, nor
> can do it if signed on as a user who doesn't have sufficient
> authority to do a PWRDWNSYS. And you might be physically locked out
> of the front panel. It's even possible that you might be physically
> interdicted from unplugging the box, or shutting it down from the
> circuit breaker panel.

I can't speak for your jurisdiction, but typically you can shut down
a machine room without access to the room itself. I guess one reason
for this is that the halon fire suppression would kill you on entry.
With the Cambridge University computing service in the days of the
370/165, the cut-off switch was high on the wall in the "cafeteria"
area (self-service card reader and line printer) which was open to
users 24 hours a day.

> Not every OS assumes by default that anybody with physical access to
> the hardware also has the authority to shut it down.

I didn't know we were talking about authority. One of the pastimes
of kids in rough neighbourhoods is to pull the Engine Stop lever
while a bus is picking up passengers.

> (And likewise, accounts, including QSECOFR [the closest OS/400
> equivalent to root] can be restricted to certain physical
> terminals.)

Cheers,
David.