Web lists-archives.com

Re: Embarrassing security bug in systemd




On Wed, Dec 06, 2017 at 10:48:11PM +0000, Brian wrote:
> On Wed 06 Dec 2017 at 22:52:17 +0100, Urs Thuermann wrote:
> 
> > Yesterday, my 10 years old son logged into my laptop running Debian
> > jessie using his account, and curiously asked if he is allowed to try
> > the /sbin/reboot command.  Knowing I have a Linux system as opposed to
> > some crappy Win machine, I replied "sure, go ahead and try".  Seconds
> > later I was completely shocked when the machine actually rebooted...
> > 
> > Of course, my son doesn't have any special privileges, no entry in
> > /etc/sudoers, etc.  But then I see
> 
> He is privileged because he has physical access to the machine.
> 
Not necessarily.  It is falacious to assume that someone logging in via
display manager or TTY has physical access.

-- 
Roberto C. Sánchez