Re: Non-priv'ed users able to reboot RH 7.0?

[packetWhore <packetwhore () STARGATE NET>]

I noticed the same thing on RH6.1... Only it would ask me for a password
but I only had to enter my normal user password not the root password...
didn't think much of it because I had locked it down pretty well and it
was only a personal box.. I have since moved to Slack 7...

not sure why that is...

pW

On Sat, 7 Oct 2000, Joe Testa wrote:

> Hi.
>
>     I've found on my personal Redhat 7.0 system that any unprivilaged
> user can issue a 'reboot' command to reboot the machine.  I have another
> RH 7 box, but I haven't been able to reproduce it on that one.  Both
> systems were installed using the "Custom" option, and on clean HDs.  My
> personal system has GNOME installed and other necessary items.  The
> other system is a webserver, so it has very little on it besides apache,
> gcc, etc...
>
>     Here's an example:
>
>
> sh-2.04$ uname -a
> Linux virtue 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown
> sh-2.04$ id
> uid=99(nobody) gid=99(nobody) groups=99(nobody)
> sh-2.04$ reboot
>
> Broadcast message from root (tty1) Sat Oct  7 16:02:49 2000...
>
> The system is going down for reboot NOW !!
> ...
> ...
> ____________________________________
>
>
> sh-2.04$ reboot
> reboot: must be superuser.
> sh-2.04$
>
>
>
>
>     Can anyone else reproduce this?
>
>         - Joe Testa