121272 – "reboot" should ask for confirmation, maybe ask for root password

Bug 121272 - "reboot" should ask for confirmation, maybe ask for root password

Summary: "reboot" should ask for confirmation, maybe ask for root password

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	usermode
Sub Component:
Version:	1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Martin Bacovsky
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-04-19 21:58 UTC by Konstantin Olchanski
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-27 17:44:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Konstantin Olchanski 2004-04-19 21:58:18 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
We have a problem with non-priveleged users accidentally rebooting
server machines by typing "reboot" into the wrong shell window.

We traced this to the pam configuration of the usermode package:
apparently, if any user logged into the console types "reboot" (or
"halt" or "shutdown"), the system immediately reboots without asking
for confirmation, without asking for a root password.

This behaviour is very surprising, is highly undesirable and should be
fixed. At the very least, the user should be prompted for confirmation
of such a drastic action as a reboot. Ideally, only root users should
be allowed to reboot machines from the command prompt. Non-root users
 should log out and select the "reboot" option in the graphical login
screen.

K.O.


Version-Release number of selected component (if applicable):
usermode-1.67-2, 1.69-1

How reproducible:
Always

Steps to Reproduce:
1. login as a normal user into the graphical X11 console
2. open a shell window
3. type "reboot"
    

Actual Results:  The machine unexpectedly reboots.


Expected Results:  The user should be asked for confirmation or asked
for the root password.


Additional info:

Comment 1 Matthew Miller 2006-07-11 17:34:24 UTC

Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.

Thanks!

NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.

Comment 2 John Thacker 2006-10-27 17:44:34 UTC

Closing per lack of response.  Also note that FC1 and FC2 are no longer
supported even by Fedora Legacy.  If this still occurs on FC3 or FC4, please
assign to that version and Fedora Legacy.  If it still occurs on FC5 or FC6,
please reopen and assign to the correct version.

Note You need to log in before you can comment on or make changes to this bug.