Re: Embarrassing security bug in systemd
On Thu, Dec 07, 2017 at 09:37:25AM -0500, Roberto C. Sánchez wrote:
> On Thu, Dec 07, 2017 at 03:03:44AM -0600, Dave Sherohman wrote:
> >
> > I no longer have any non-systemd machines handy to verify this on, but
> > my memory is that I have *always* been able to use halt/poweroff/reboot
> > commands from the console without requiring sudo or entering a password,
> > and I've been using Debian since 2000ish, well before systemd was even a
> > gleam in some programmer's eye. /sbin/shutdown may have also been
> > freely available at the console, but I don't remember that one clearly,
> > since I didn't use it all that often once I discovered the others.
> >
> I just did a fresh install of wheezy (7.11) with all defaults. Here is
> what happened:
>
> testuser@debian:~$ cat /etc/debian_version
> 7.11
> testuser@debian:~$ /sbin/reboot
> reboot: must be superuser.
> testuser@debian:~$ ls -l /sbin/reboot
> lrwxrwxrwx 1 root root 4 Jul 14 2013 /sbin/reboot -> halt
> testuser@debian:~$ ls -l /sbin/halt
> -rwxr-xr-x 1 root root 15184 Jul 14 2013 /sbin/halt
>
> The situation is basically the same for /sbin/shutdown.
Well, then. I stand corrected. Thanks for reminding me of what I'd
forgotten!
--
Dave Sherohman
Reply to: