Vulnerability Development mailing list archives

Re: Non-priv'ed users able to reboot RH 7.0?

From: Gordon Messmer <yinyang () EBURG COM>
Date: Sat, 7 Oct 2000 16:42:52 -0700

On Sat, 7 Oct 2000, Joe Testa wrote:

    I've found on my personal Redhat 7.0 system that any unprivilaged
user can issue a 'reboot' command to reboot the machine.


That's a feature of the "userhelper" package.  It allows users who are at
the console to reboot or shutdown the machine in the proper manner.  The
idea is that if they're at the console and need to shut the server down,
they can either have access to "reboot", or the power button.  The former
is the better option.

On your second box, either /sbin is in the path before /usr/bin, or
userhelper isn't installed.  /sbin and /usr/sbin normally aren't in normal
users' PATHs.

MSG

Current thread:

Non-priv'ed users able to reboot RH 7.0? Joe Testa (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Gordon Messmer (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Matt Wilson (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? packetWhore (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Aaron Campbell (Oct 08)
- Re: Non-priv'ed users able to reboot RH 7.0? Andrew Griffiths (Oct 08)