[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Embarrassing security bug in systemd

On Thu, Dec 07, 2017 at 11:26:45AM +1300, Ben Caradoc-Davies wrote:
> Special privileges have been granted to console users for as long as I can
> remember, long before systemd, because they have physical access to the
> machine. Console users typically are also permitted to mount, unmount, and
> eject removable media, and have access to audio devices.

I think this is a key point that's been overlooked in the complaints
about this behavior:  It has nothing to do with systemd.

I no longer have any non-systemd machines handy to verify this on, but
my memory is that I have *always* been able to use halt/poweroff/reboot
commands from the console without requiring sudo or entering a password,
and I've been using Debian since 2000ish, well before systemd was even a
gleam in some programmer's eye.  /sbin/shutdown may have also been
freely available at the console, but I don't remember that one clearly,
since I didn't use it all that often once I discovered the others.

But, then, even if I'm remembering incorrectly, it's still a policy
matter, not a technical one.  If the policy was changed at the same time
as Debian switched to systemd, that's just a coincidence of timing and
the same policy change could have happened while still under sysvinit.

-- 
Dave Sherohman
Reply to: