Bug 6554 - Defaults allow any console user to reboot/halt/etc machine
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: usermode
Version: 6.1
Hardware: All
OS: Linux
Assignee: Michael K. Johnson
Reported: 1999-10-31 02:49 UTC by Chris Siebenmann
Modified: 2008-05-01 15:37 UTC

Doc Type: Bug Fix
Last Closed: 1999-11-15 19:24:37 UTC

Description Chris Siebenmann 1999-10-31 02:49:44 UTC
The default zero-length halt, poweroff, shutdown, and
reboot files in /etc/security/console.apps allow any
console user to halt, power off, shut down, or reboot
the machine if they have logged into it. I believe that
this is an undesirable default, and that two things should

 First, I think that userhelper should default to assuming
that a zero-length file means either that nothing should
be allowed or that 'USER=root' should be the assumed
contents, instead of the current undocumented assumption
of 'USER=<user>'.

 Second, I think that these four files should all have the
contents 'USER=root' added, to make the policy explicit.

Comment 1 Preston Brown 1999-11-15 19:24:59 UTC
We disagree, and believe that these are reasonable defaults.  Someone who has
console access already has the ability to do much worse than this in most
cases.  In the case of a server machine or a "cluster" type situation, the
defaults can be easily modified.
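
An added example, not part of the original bug report or of the usermode package: a shell audit of the four console.apps entries named in the description. It classifies each as zero-length (the implicit USER=<user> default the reporter describes), explicit USER=root, or other. The function names and the CONSOLE_APPS_DIR variable are assumptions, and the sample files in the demo are constructed.

```shell
#!/bin/sh
# Added example: audit the power-control entries discussed in this bug.
# Assumed semantics, taken from the report: userhelper treats a zero-length
# file as USER=<user>; USER=root is the explicit policy the reporter proposes.

CONSOLE_APPS_DIR="${CONSOLE_APPS_DIR:-/etc/security/console.apps}"

# classify_entry FILE -> prints: missing | implicit-user | root | other
classify_entry() {
    f="$1"
    if [ ! -e "$f" ]; then
        echo missing
    elif [ ! -s "$f" ]; then
        # zero-length file: relies on the undocumented default
        echo implicit-user
    elif grep -Eq '^[[:space:]]*USER=root[[:space:]]*$' "$f"; then
        echo root
    else
        echo other
    fi
}

# audit_console_apps [DIR] -> one "name: class" line per entry.
# Returns 1 if any entry relies on the zero-length default, else 0.
audit_console_apps() {
    dir="${1:-$CONSOLE_APPS_DIR}"
    rc=0
    for name in halt poweroff shutdown reboot; do
        class=$(classify_entry "$dir/$name")
        echo "$name: $class"
        if [ "$class" = implicit-user ]; then rc=1; fi
    done
    return $rc
}

# demo_constructed: run the audit over constructed sample files.
demo_constructed() {
    d=$(mktemp -d)
    : > "$d/halt"; : > "$d/reboot"      # zero-length, as in the reported default
    echo 'USER=root' > "$d/poweroff"    # explicit policy proposed in the report
    st=0                                # shutdown is left absent on purpose
    audit_console_apps "$d" || st=$?
    rm -rf "$d"
    return $st
}
```

Run `audit_console_apps` with no argument to check the live directory; a non-zero exit status means at least one entry still depends on the zero-length default.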
