Re: Embarrassing security bug in systemd
On Wed, Dec 06, 2017 at 10:48:11PM +0000, Brian wrote:
> On Wed 06 Dec 2017 at 22:52:17 +0100, Urs Thuermann wrote:
>
> > Yesterday, my 10 years old son logged into my laptop running Debian
> > jessie using his account, and curiously asked if he is allowed to try
> > the /sbin/reboot command. Knowing I have a Linux system as opposed to
> > some crappy Win machine, I replied "sure, go ahead and try". Seconds
> > later I was completely shocked when the machine actually rebooted...
> >
> > Of course, my son doesn't have any special privileges, no entry in
> > /etc/sudoers, etc. But then I see
>
> He is privileged because he has physical access to the machine.
>
Not necessarily. It is falacious to assume that someone logging in via
display manager or TTY has physical access.
--
Roberto C. Sánchez
Reply to: