
Re: Embarrassing security bug in systemd



On Wed, Dec 06, 2017 at 03:25:10PM -0800, James H. H. Lampert wrote:
Now, now, you walk up to the physical console on an AS/400, you're not going to be able to do a PWRDWNSYS from a sign-on screen, nor can you do it if signed on as a user who doesn't have sufficient authority to do a PWRDWNSYS. And you might be physically locked out of the front panel. It's even possible that you might be physically interdicted from unplugging the box, or shutting it down from the circuit breaker panel.

Not every OS assumes by default that anybody with physical access to the hardware also has the authority to shut it down.

In the extremely unlikely event that you have your Debian system configured with that level of physical access control, you can adjust the power/reboot permissions to suit your preferences. For most other users, the defaults are reasonable.

The main realistic use case of a different default is kiosk systems, where changing the privileges given to locally logged in users is just one of the steps that should be taken. In general, defaults are chosen to be useful for the largest set of users. Side note: historically, people have always wanted to be able to reboot or shut down the system they were sitting in front of. This led to a lot of really horrible solutions, like a bunch of setuid helper programs and one-off site specific hacks. Having this functionality standardized in one place is a net win for security, especially since there's also now a single standardized way to change the privileges.

Mike Stone

