Re: Problem with '/etc/shutdown.allow'
In article <844s2b6puo.fsf@snoopy.apana.org.au>,
Brian May <bam@debian.org> wrote:
>It looks like (to me) that making shutdown setuid root means anybody
>can shutdown the computer, from any location, as /etc/shutdown.allow
>is only checked when -a is passed. Am I wrong?
No, that is correct. Shutdown wasn't really designed to be run setuid.
It might have 1 or 2 buffer overruns as well so you *really* don't
want to make it setuid root.
>If I am wrong, then the documentation should be corrected for this
>special case.
No need to, the documentation is correct as well.
Mike.
Reply to: