Subject: Re: Non-priv'ed users able to reboot RH 7.0?
From: packetWhore (packetwhoreSTARGATE.NET)
Date: Sat Oct 07 2000 - 19:11:57 CDT


I noticed the same thing on RH6.1... Only it would ask me for a password
but I only had to enter my normal user password not the root password...
didn't think much of it because I had locked it down pretty well and it
was only a personal box.. I have since moved to Slack 7...

not sure why that is...

pW

On Sat, 7 Oct 2000, Joe Testa wrote:

> Hi.
>
> I've found on my personal Redhat 7.0 system that any unprivileged
> user can issue a 'reboot' command to reboot the machine. I have another
> RH 7 box, but I haven't been able to reproduce it on that one. Both
> systems were installed using the "Custom" option, and on clean HDs. My
> personal system has GNOME installed and other necessary items. The
> other system is a webserver, so it has very little on it besides apache,
> gcc, etc...
>
> Here's an example:
>
>
> sh-2.04$ uname -a
> Linux virtue 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown
> sh-2.04$ id
> uid=99(nobody) gid=99(nobody) groups=99(nobody)
> sh-2.04$ reboot
>
> Broadcast message from root (tty1) Sat Oct 7 16:02:49 2000...
>
> The system is going down for reboot NOW !!
> ...
> ...
> ____________________________________
>
>
> sh-2.04$ reboot
> reboot: must be superuser.
> sh-2.04$
>
>
>
>
> Can anyone else reproduce this?
>
> - Joe Testa
>