OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Non-priv'ed users able to reboot RH 7.0?
From: Matt Wilson (mswREDHAT.COM)
Date: Sat Oct 07 2000 - 18:27:24 CDT

The "reboot" command run as a normal user works only from a console
login. This is the same as being able to press "Ctrl+Alt+Del" on the
local keyboard.

For information on how this is done, look at:

man pam_console
man consolehelper

To require a password for even console users, edit /etc/pam.d/reboot
and /etc/pam.d/halt and uncomment the:

auth required /lib/security/pam_stack.so service=system-auth

line. To disable non-root access to reboot and halt, change the pam
settings to look like this:

auth required /lib/security/pam_rootok.so
account required /lib/security/pam_permit.so

Cheers,

Matt

On Sat, Oct 07, 2000 at 06:15:09PM -0400, Joe Testa wrote:
> Hi.
>
> I've found on my personal Redhat 7.0 system that any unprivilaged
> user can issue a 'reboot' command to reboot the machine. I have another
> RH 7 box, but I haven't been able to reproduce it on that one. Both
> systems were installed using the "Custom" option, and on clean HDs. My
> personal system has GNOME installed and other necessary items. The
> other system is a webserver, so it has very little on it besides apache,
> gcc, etc...
>
> Here's an example:
>
>
> sh-2.04$ uname -a
> Linux virtue 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown
> sh-2.04$ id
> uid=99(nobody) gid=99(nobody) groups=99(nobody)
> sh-2.04$ reboot
>
> Broadcast message from root (tty1) Sat Oct 7 16:02:49 2000...
>
> The system is going down for reboot NOW !!
> ...
> ...
> ____________________________________
>
>
> sh-2.04$ reboot
> reboot: must be superuser.
> sh-2.04$
>
>
>
>
> Can anyone else reproduce this?
>
> - Joe Testa