52010 – Can Shutdown/Restart Server w/o Logging In

Bug 52010 - Can Shutdown/Restart Server w/o Logging In

Summary: Can Shutdown/Restart Server w/o Logging In

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Public Beta
Classification:	Retired
Component:	gdm
Sub Component:
Version:	roswell
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Havoc Pennington
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-08-18 14:19 UTC by Brian Z
Modified:	2007-04-18 16:36 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-08-20 13:53:14 UTC
Embargoed:

Attachments	(Terms of Use)

Description Brian Z 2001-08-18 14:19:23 UTC

Description of Problem:
At the GDM login prompt, I am able to shutdown and restart the server 
without logging in.  This shows a lack of security, since any user can 
walk by the computer and shutdown/restart it.  Win NT Server & 2000 
Server force the administrator to log in to use these options.

Version-Release number of selected component (if applicable):
2.2.3.1-8

How Reproducible:
Always

Steps to Reproduce:
1.  At the GDM Login Prompt, click System
2.  Click Shutdown or Restart
3.  Watch System Shutdown/Restart

Actual Results:
Server restarts/shutdown.

Expected Results:
To be Prompted for root password to restart/shutdown.

Additional Information:
n/a

Comment 1 Havoc Pennington 2001-08-20 14:56:11 UTC

You can also type "ctrl-alt-del" at the console, always have been able to.

If you want to disable this, there are options in /etc/X11/gdm/gdm.conf, and 
you can turn off ctrl-alt-del in /etc/inittab. People can still hit the power
button though, if you haven't physically concealed it.

Note You need to log in before you can comment on or make changes to this bug.