Vulnerability Development mailing list archives
Re: Non-priv'ed users able to reboot RH 7.0?
From: Matt Wilson <msw () REDHAT COM>
Date: Sat, 7 Oct 2000 19:27:24 -0400
The "reboot" command run as a normal user works only from a console login. This is the same as being able to press "Ctrl+Alt+Del" on the local keyboard. For information on how this is done, look at: man pam_console man consolehelper To require a password for even console users, edit /etc/pam.d/reboot and /etc/pam.d/halt and uncomment the: auth required /lib/security/pam_stack.so service=system-auth line. To disable non-root access to reboot and halt, change the pam settings to look like this: auth required /lib/security/pam_rootok.so account required /lib/security/pam_permit.so Cheers, Matt On Sat, Oct 07, 2000 at 06:15:09PM -0400, Joe Testa wrote:
Hi. I've found on my personal Redhat 7.0 system that any unprivilaged user can issue a 'reboot' command to reboot the machine. I have another RH 7 box, but I haven't been able to reproduce it on that one. Both systems were installed using the "Custom" option, and on clean HDs. My personal system has GNOME installed and other necessary items. The other system is a webserver, so it has very little on it besides apache, gcc, etc... Here's an example: sh-2.04$ uname -a Linux virtue 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown sh-2.04$ id uid=99(nobody) gid=99(nobody) groups=99(nobody) sh-2.04$ reboot Broadcast message from root (tty1) Sat Oct 7 16:02:49 2000... The system is going down for reboot NOW !! ... ... ____________________________________ sh-2.04$ reboot reboot: must be superuser. sh-2.04$ Can anyone else reproduce this? - Joe Testa
Current thread:
- Non-priv'ed users able to reboot RH 7.0? Joe Testa (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Gordon Messmer (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Matt Wilson (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? packetWhore (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Aaron Campbell (Oct 08)
- Re: Non-priv'ed users able to reboot RH 7.0? Andrew Griffiths (Oct 08)