
Re: Proposal of new group



On Wed, Oct 13, 1999 at 10:57:36PM +0200, Miquel van Smoorenburg wrote:
> In article <cistron.19991013194951.H217@tavaiah>,
> Tomasz Węgrzanowski  <maniek@beer.com> wrote:
> >I suggest a new group `power'
> >and setting privileges of shutdown and halt (reboot is symlink to halt) to:
> >-rwsr-xr--   1 root     power        6876 Jan 12  1999 /sbin/halt
> >-rwsr-xr--   1 root     power       13492 Jan 12  1999 /sbin/shutdown
> >(chmod u+s)(chmod o-x)(chown root.power)
> 
> Really, you are not supposed to call 'halt' or 'reboot' directly -
> that's just a BSD heritage that people can't seem to get rid of.
> But if you insist on it, halt or reboot don't need to be setuid root,
> since they call shutdown anyway if they think that is what you meant.

Hmm... I used BSD as root for a week, and this was a long time ago, so my
habit is not from this place.
It's just much faster and typoless to write `halt' than `shutdown -h now'.
According to the manpages, halt|reboot calls shutdown if the system is not
in the proper runlevel.

> >This group would be very useful for desktop machines for people who
> >set computer on (via switch), login as common user and do what they have to
> >and then stop the computer via command (`halt' or `shutdown -h now')
> >or via its interface gshutdown. Now this problem is locally solved inelegantly
> >by sudo or by special root account called ex: halt (shell=/sbin/halt) or
> >by even less secure methods because of lack of the standard.
> 
> Note that 'shutdown' was NOT designed to be run setuid - for all
> I know it's full of grave security holes if you do. You then not
> only gave the people in the group 'power' permission to shut down
> the machine, you just granted them root access as well ...
 
I see some possibilities to make a mess with suid shutdown, but not
much more mess than with turning power off by button.
But if you know any exploits of suid shutdown of which I don't know,
please tell me (I've found nothing in the manpages).
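
The mode discussed in this thread (setuid, executable by owner and group but not by others, i.e. 4754) can be spotted on a system with a short audit script. This is an added example, not part of the original messages; the function names `classify_setuid` and `audit_dir` are hypothetical.

```shell
#!/bin/sh
# Added example: classify setuid files by who is allowed to execute them.
# classify_setuid and audit_dir are hypothetical helper names.

# classify_setuid FILE
# Prints: not-setuid | setuid-world | setuid-group-only | setuid-owner-only
classify_setuid() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    # find's "-perm -MODE" is true when every bit in MODE is set on the file.
    if [ -z "$(find "$f" -prune -perm -4000)" ]; then
        echo "not-setuid"
    elif [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo "setuid-world"        # e.g. 4755: any local user runs it with the owner's euid
    elif [ -n "$(find "$f" -prune -perm -0010)" ]; then
        echo "setuid-group-only"   # e.g. 4754: the layout proposed for group 'power'
    else
        echo "setuid-owner-only"   # e.g. 4700
    fi
}

# audit_dir DIR
# One line per setuid file under DIR: "<class> <owner>:<group> <path>"
audit_dir() {
    find "$1" -type f -perm -4000 | while IFS= read -r f; do
        og=$(ls -ld "$f" | awk '{print $3 ":" $4}')
        printf '%s %s %s\n' "$(classify_setuid "$f")" "$og" "$f"
    done
}

# When called with a directory argument, audit it (for example: sh audit.sh /sbin).
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

A `setuid-group-only` line whose owner is root means every member of the listed group runs that binary with effective uid root, which is the concern raised in the quoted reply about a setuid `shutdown`.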

