Bug 52010 - Can Shutdown/Restart Server w/o Logging In
Summary: Can Shutdown/Restart Server w/o Logging In
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: gdm
Version: roswell
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Havoc Pennington
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-08-18 14:19 UTC by Brian Z
Modified: 2007-04-18 16:36 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2001-08-20 13:53:14 UTC


Attachments (Terms of Use)

Description Brian Z 2001-08-18 14:19:23 UTC
Description of Problem:
At the GDM login prompt, I am able to shutdown and restart the server 
without logging in.  This shows a lack of security, since any user can 
walk by the computer and shutdown/restart it.  Win NT Server & 2000 
Server force the administrator to log in to use these options.

Version-Release number of selected component (if applicable):
2.2.3.1-8

How Reproducible:
Always

Steps to Reproduce:
1.  At the GDM Login Prompt, click System
2.  Click Shutdown or Restart
3.  Watch System Shutdown/Restart

Actual Results:
Server restarts/shutdown.

Expected Results:
To be Prompted for root password to restart/shutdown.

Additional Information:
n/a

Comment 1 Havoc Pennington 2001-08-20 14:56:11 UTC
You can also type "ctrl-alt-del" at the console, always have been able to.

If you want to disable this, there are options in /etc/X11/gdm/gdm.conf, and 
you can turn off ctrl-alt-del in /etc/inittab. People can still hit the power
button though, if you haven't physically concealed it.


Note You need to log in before you can comment on or make changes to this bug.