Subject: Re: Non-priv'ed users able to reboot RH 7.0?
From: Andrew Griffiths (griffiths_aSCHOLAR.DON.TASED.EDU.AU)
Date: Sun Oct 08 2000 - 18:43:15 CDT


At 06:15 PM 7/10/2000 -0400, you wrote:
>Hi.

G'day.

>
> I've found on my personal Redhat 7.0 system that any unprivileged
>user can issue a 'reboot' command to reboot the machine. I have another
>RH 7 box, but I haven't been able to reproduce it on that one. Both
>systems were installed using the "Custom" option, and on clean HDs. My
>personal system has GNOME installed and other necessary items. The
>other system is a webserver, so it has very little on it besides apache,
>gcc, etc...

It's your bash path setting; you'll find a /usr/bin/shutdown (a wrapper to
userhelper which relies on pam) and a /sbin/shutdown, I suspect sh pointed
to /sbin before /usr/bin. Oh well, this is for 6.2, but you may want to
check /etc/pam.d/shutdown (if it exists) and the default pam.d. Also, when
you log in on the console, you get various privileges, such as floppy and
cd control. Check out pam.

                Andrew Griffiths

        |-----------------------------------|
        | 'Outlook Express - Spreading more |
        | viruses than a diseased hooker.'  |
        |-----------------------------------|

    < Say it with me now, "Outlook is a virus!" >

         /"\
         \ / ASCII Ribbon Campaign
          X Against Outlook & HTML Mail
         / \ http://www.thebackrow.net

  I'm a bastard. I have absolutely no clue why people can ever think
  otherwise. Yet they do. People think I'm a nice guy, and the fact
  is that I'm a scheming, conniving bastard who doesn't care for any
  hurt feelings or lost hours of work if it just results in what I
  consider to be a better system.

  -- Linus Torvalds on Kernel debuggers.