Bug 11831 - Any user is able to take computer down to runlevel 1
Any user is able to take computer down to runlevel 1
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
6.2
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-01 18:18 EDT by eugeni
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-06-01 18:57:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description eugeni 2000-06-01 18:18:30 EDT
Any user is able to execute /usr/bin/shutdown now (soft link to 
/usr/bin/consolehelper) without -h or -r parameters... So, when an ordinary 
user executes: 

/usr/bin/shutdown now
password: <user's password>
The system goes down to runlevel 1 (single-user)...

This "bug" can only be exploited on local machine, but, when used against a 
remote red hat server, it takes the machine down until any admin restarts 
it...
Comment 1 eugeni 2000-06-01 18:57:19 EDT
I guess RedHat should adjust pam and usermode packages to fix it, because it is 
necessary to remove this "bug" on each machine "available" to public use...

Sorry for "yet" another message about this problem (I have seen posts about 
usermode bugs just a second after I submitted my text :-), but I think it is a 
HUGE security hole it should be fixed... It is "really" annoying when you 
discover a lot of local user on a fresh RedHat installation :-)
Comment 2 Nalin Dahyabhai 2000-06-10 16:53:20 EDT
A user with access to the console (which is required to do this) can also just
switch the computer off.  That said, this is configurable using PAM's
configuration file mechanism.  Removing the files named "shutdown", "halt", 
"reboot", and "poweroff" from the /etc/pam.d directory will disable this.

Note You need to log in before you can comment on or make changes to this bug.