Bug 55987
| Summary: | Normal users can issue the reboot command to reboot the system | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Danny Crawford <dcrawford> |
| Component: | usermode | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED DUPLICATE | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.2 | CC: | bugzilla.redhat.com |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2002-01-18 19:36:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Danny Crawford
2001-11-09 21:35:42 UTC
It's not a bug, it's a feature. A user at the console could also pull the plug. :) Hint: See output of "which reboot". This is a very critical bug! I just tested logging into a RH7.2 (+latest errata) box as a normal user and the machine rebooted after I issued the 'reboot' command. 'w' showed my TTY was pts/4 before I 'reboot'ed. Yes... this IS A SERIOUS BUG !!!... I lost 2 days of work (chip simulation) because another regular user re-booted the system !!!!! Igor $ ll `which reboot` | cut -b57- /usr/bin/reboot -> consolehelper As I wrote before, this is not a bug. This is even documented in the "The Official Red Hat Linux Customization Guide" which is shipped on the docs CD or online here: https://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/console-access.html#S1-ACCESS-CONSOLE-CTRLALTDEL https://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/s1-access-console-program.html This same problem also exists for the "halt", "v4l-conf" and "poweroff". If a user stays logged into the console, they can (days later) ssh into the machine from remote as that same user and execute any of these commands. If you uncomment the line: auth required /lib/security/pam_stack.so service=system-auth from /etc/pam.d/halt It "fixes" the problem. I don't really care to argue that this is or is not a bug. It is like so many things in RedHat's distro..."on by default". You guys did so well with that problem in 7.2, but you need to fix the loose ends like this. I'm not suggesting you remove the consolehelper system, I am just suggesting you reverse this behavior by default. As an example of why this is silly, we are now forced to "fix" this on all 7.2 machines at our organization...something on the order of 200 machines. Nobody wants to lose work because of an interface change like this. A user logged in at the console can always reboot the system by pressing Ctrl+Alt+Del, or hitting the power switch. Allowing the user to reboot the system in an orderly way is preferable. Allowing a user to use removable media devices or video display devices) is also preferable when the user has physical access to the diskette drive and video hardware. *** This bug has been marked as a duplicate of 17882 *** |