Re: Embarrassing security bug in systemd

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: Embarrassing security bug in systemd
From: Cindy-Sue Causey <butterflybytes@gmail.com>
Date: Fri, 8 Dec 2017 17:12:18 -0500
Message-id: <[🔎] CAO1P-kC81_0Q7-YqzUTx06gzSiyY1k6Em1SPVDkKzhiOFEaDbA@mail.gmail.com>
In-reply-to: <[🔎] 20171207090344.GS3654@sherohman.org>
References: <[🔎] ygfindj7cdq.fsf@tehran.isnogud.escape.de> <[🔎] 1e935ca6-ea43-7840-7623-0849b6606ac4@transient.nz> <[🔎] 20171207090344.GS3654@sherohman.org>

On 12/7/17, Dave Sherohman <dave@sherohman.org> wrote:
> On Thu, Dec 07, 2017 at 11:26:45AM +1300, Ben Caradoc-Davies wrote:
>> Special privileges have been granted to console users for as long as I
>> can
>> remember, long before systemd, because they have physical access to the
>> machine. Console users typically are also permitted to mount, unmount,
>> and
>> eject removable media, and have access to audio devices.
>
> I think this is a key point that's been overlooked in the complaints
> about this behavior:  It has nothing to do with systemd.
>
> I no longer have any non-systemd machines handy to verify this on, but
> my memory is that I have *always* been able to use halt/poweroff/reboot
> commands from the console without requiring sudo or entering a password,
> and I've been using Debian since 2000ish, well before systemd was even a
> gleam in some programmer's eye.  /sbin/shutdown may have also been
> freely available at the console, but I don't remember that one clearly,
> since I didn't use it all that often once I discovered the others.
>
> But, then, even if I'm remembering incorrectly, it's still a policy
> matter, not a technical one.  If the policy was changed at the same time
> as Debian switched to systemd, that's just a coincidence of timing and
> the same policy change could have happened while still under sysvinit.

I do remember having to give a password, but I don't remember how long
ago now. And I have too much open right now to test drive whether mine
does it or not these days.. :)

I do understand everyone's rationale for why they like or dislike
either way. Something I did *not* understand when I saw it in
operation was why a password was needed at the terminal but not from
within the GUI's "Applications > Log Out" menu path.

I think I finally came to the (potentially misguided) a-sumption that
one rationale *might* have something to do with having to sit here in
person to click the GUI's menu path but maybe not for the terminal
and/or other (?) hackable routes....... :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Reply to:

Follow-Ups:
- Re: Embarrassing security bug in systemd
  - From: Joe <joe@jretrading.com>
- Re: Embarrassing security bug in systemd
  - From: Ric Moore <wayward4now@gmail.com>

References:
- Embarrassing security bug in systemd
  - From: Urs Thuermann <urs@isnogud.escape.de>
- Re: Embarrassing security bug in systemd
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Re: Embarrassing security bug in systemd
  - From: Dave Sherohman <dave@sherohman.org>

Prev by Date: Re: Embarrassing security bug in systemd
Next by Date: Re: Embarrassing security bug in systemd
Previous by thread: Re: Embarrassing security bug in systemd
Next by thread: Re: Embarrassing security bug in systemd
Index(es):
- Date
- Thread