Vulnerability Development mailing list archives
Re: Non-priv'ed users able to reboot RH 7.0?
From: Andrew Griffiths <griffiths_a () SCHOLAR DON TASED EDU AU>
Date: Mon, 9 Oct 2000 10:43:15 +1100
At 06:15 PM 7/10/2000 -0400, you wrote:
Hi.
G'day.
I've found on my personal Redhat 7.0 system that any unprivilaged user can issue a 'reboot' command to reboot the machine. I have another RH 7 box, but I haven't been able to reproduce it on that one. Both systems were installed using the "Custom" option, and on clean HDs. My personal system has GNOME installed and other necessary items. The other system is a webserver, so it has very little on it besides apache, gcc, etc...
It's your bash path setting, you'll find a /usr/bin/shutdown (a wrapper to userhelper which relies on pam) and a /sbin/shutdown, I suspect sh pointed to /sbin before /usr/bin. Oh well, this is for 6.2, but you may want to check /etc/pam.d/shutdown (if it exists) and the default pam.d. Also, when you log in on the console, you get various priveldges, such as floppy and cd control. Check out pam. Andrew Griffiths |-----------------------------------| | 'Outlook Express - Spreading more | | viruses than a diseased hooker.' | |-----------------------------------| < Say it with me now, "Outlook is a virus!" > /"\ \ / ASCII Ribbon Campaign X Against Outlook & HTML Mail / \ http://www.thebackrow.net I'm a bastard. I have absolutely no clue why people can ever think otherwise. Yet they do. People think I'm a nice guy, and the fact is that I'm a scheming, conniving bastard who doesn't care for any hurt feelings or lost hours of work if it just results in what I consider to be a better system. -- Linus Torvalds on Kernel debuggers.
Current thread:
- Non-priv'ed users able to reboot RH 7.0? Joe Testa (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Gordon Messmer (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Matt Wilson (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? packetWhore (Oct 07)
- Re: Non-priv'ed users able to reboot RH 7.0? Aaron Campbell (Oct 08)
- Re: Non-priv'ed users able to reboot RH 7.0? Andrew Griffiths (Oct 08)