
Re: Embarrassing security bug in systemd



On Sun 10 Dec 2017 at 00:38:12 (-0800), Jimmy Johnson wrote:
> On 12/09/2017 08:23 AM, David Wright wrote:
> >On Fri 08 Dec 2017 at 18:30:08 (-0800), Jimmy Johnson wrote:
> >>On 12/07/2017 02:31 AM, Jonathan Dowland wrote:
> >>>On Thu, Dec 07, 2017 at 10:02:56AM +0000, Tixy wrote:
> >>>>I'm running Jessie (with systemd running but booting with sysvinit) and
> >>>>trying to execute halt/poweroff/reboot/shutdown from a terminal without
> >>>>root privileges gives an error saying I must be superuser. Which has
> >>>>always been my experience in 10 years of using Debian.
> >>>
> >>>Be careful to double check what you are testing: in your situation it's
> >>>not clear whether /sbin/reboot is a symlink to systemctl (part of
> >>>systemd, so I would expect this not to work if you were not running
> >>>systemd as the init system) or a separate binary.
> >>
> >>
> >>Jonathan, I started thinking about lost work where someone restarted
> >>the computer while I was away from it and thought what if you can
> >>lock-screen and lock access to console at the same time.  Is that
> >>something that could be done? Helpful?
> >>
> >>I know someone can pull the cord or press the power button, I got past that.
> >
> >I use vlock -a in a VC to lock all the consoles. I've been using
> >it for years so I hadn't noticed the -n switch that allows you to
> >run it in X (with switching to a VC first).
> >
> >You can still ssh into, and scp to, the machine while it's locked.
> >AFAICT Debian's versions allow unlocking with the root password as
> >well as the user's, which is handy if you forget which username
> >you were logged in under when you vlock'd it.
> >
> >     https://lists.debian.org/debian-user/2017/11/msg00951.html
> 
> Thanks David, works great, KDE runs on VC7 I went to VC2 and ran '$
> vlock -a' and I was NOT able to switch to any other VC it was locked
> with the message to press enter with passwd, if you press enter with
> wrong passwd or no passwd you will be prompted for ROOT passwd. For
> me that was no problem, but I can see the shock on someone's face
> when they don't know the root passwd and I got a chuckle out of
> that. After entering the root passwd I was able to switch back to
> VC7 and all was well. :)

With nothing available but the Return key, methods of giving you
user/root password choice are limited. The solution is alternation:
just keep pressing the Return key until you get the prompt you want.

Cheers,
David.

