Re: Embarrassing security bug in systemd

To: debian-user@lists.debian.org
Subject: Re: Embarrassing security bug in systemd
From: Roberto C. Sánchez <roberto@debian.org>
Date: Wed, 6 Dec 2017 21:27:43 -0500
Message-id: <[🔎] 20171207022743.e7fqmk2fgizt7cm3@camaguey.connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 06122017224054.1aa51c2e2f3a@desktop.copernicus.org.uk>
References: <[🔎] ygfindj7cdq.fsf@tehran.isnogud.escape.de> <[🔎] 06122017224054.1aa51c2e2f3a@desktop.copernicus.org.uk>

On Wed, Dec 06, 2017 at 10:48:11PM +0000, Brian wrote:
> On Wed 06 Dec 2017 at 22:52:17 +0100, Urs Thuermann wrote:
> 
> > Yesterday, my 10 years old son logged into my laptop running Debian
> > jessie using his account, and curiously asked if he is allowed to try
> > the /sbin/reboot command.  Knowing I have a Linux system as opposed to
> > some crappy Win machine, I replied "sure, go ahead and try".  Seconds
> > later I was completely shocked when the machine actually rebooted...
> > 
> > Of course, my son doesn't have any special privileges, no entry in
> > /etc/sudoers, etc.  But then I see
> 
> He is privileged because he has physical access to the machine.
> 
Not necessarily.  It is falacious to assume that someone logging in via
display manager or TTY has physical access.

-- 
Roberto C. Sánchez

Reply to:

References:
- Embarrassing security bug in systemd
  - From: Urs Thuermann <urs@isnogud.escape.de>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: Embarrassing security bug in systemd
Next by Date: Re: Embarrassing security bug in systemd
Previous by thread: Re: Embarrassing security bug in systemd
Next by thread: Re: Embarrassing security bug in systemd
Index(es):
- Date
- Thread