Vulnerability Development mailing list archives
Re: Non-priv'ed users able to reboot RH 7.0?
From: Gordon Messmer <yinyang () EBURG COM>
Date: Sat, 7 Oct 2000 16:42:52 -0700
On Sat, 7 Oct 2000, Joe Testa wrote:
I've found on my personal Redhat 7.0 system that any unprivilaged user can issue a 'reboot' command to reboot the machine.
That's a feature of the "userhelper" package. It allows users who are at the console to reboot or shutdown the machine in the proper manner. The idea is that if they're at the console and need to shut the server down, they can either have access to "reboot", or the power button. The former is the better option. On your second box, either /sbin is in the path before /usr/bin, or userhelper isn't installed. /sbin and /usr/sbin normally aren't in normal users' PATHs. MSG
Current thread:
- Non-priv'ed users able to reboot RH 7.0? Joe Testa (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Gordon Messmer (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Matt Wilson (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? packetWhore (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Aaron Campbell (Oct 08)
- Re: Non-priv'ed users able to reboot RH 7.0? Andrew Griffiths (Oct 08)