Re: Embarrassing security bug in systemd
On Fri 08 Dec 2017 at 18:30:08 (-0800), Jimmy Johnson wrote:
> On 12/07/2017 02:31 AM, Jonathan Dowland wrote:
> >On Thu, Dec 07, 2017 at 10:02:56AM +0000, Tixy wrote:
> >>I'm running Jessie (with systemd running but booting with sysvinit) and
> >>trying to execute halt/poweroff/reboot/shutdown from a terminal without
> >>root privileges gives an error saying I must be superuser. Which has
> >>always been my experience in 10 years of using Debian.
> >
> >Be careful to double check what you are testing: in your situation it's
> >not clear whether /sbin/reboot is a symlink to systemctl (part of
> >systemd, so I would expect this not to work if you were not running
> >systemd as the init system) or a separate binary.
>
>
> Jonathan, I started thinking about lost work where someone restarted
> the computer while I was away from it and thought what if you can
> lock-screen and lock access to console at the same time. Is that
> something that could be done? Helpful?
>
> I know someone can pull the cord or press the power button, I got past that.
I use vlock -a in a VC to lock all the consoles. I've been using
it for years so I hadn't noticed the -n switch that allows you to
run it in X (with switching to a VC first).
You can still ssh into, and scp to, the machine while it's locked.
AFAICT Debian's versions allow unlocking with the root password as
well as the user's, which is handy if you forget which username
you were logged in under when you vlock'd it.
https://lists.debian.org/debian-user/2017/11/msg00951.html
Cheers,
David.
Reply to: