Date: Thu, 9 Dec 2010 23:10:59 -0800
From: Rob Farmer <rfarmer@predatorlabs.net>
To: Adam Vande More <amvandemore@gmail.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: /sbin/reboot
Message-ID: <AANLkTi=D5LrCCAdOc5FLp%2BXgBu=yNkuP4QoAgeGHUYfq@mail.gmail.com>
In-Reply-To: <AANLkTikgGSyRLnDS6Oihw2u3SYjeZRrQWdSa9Z4t7UAE@mail.gmail.com>
References: <AANLkTimEvQ7amDeFE9eG%2BO9G664jXAWb9hhSt0bU%2B3DR@mail.gmail.com> <20101210060335.BCDCC1CC12@ptavv.es.net> <AANLkTikgGSyRLnDS6Oihw2u3SYjeZRrQWdSa9Z4t7UAE@mail.gmail.com>

On Thu, Dec 9, 2010 at 22:46, Adam Vande More <amvandemore@gmail.com> wrote:
> shutdown also give operator more possibilities than a clean shutdown some
> which could be very bad.
>

I haven't thought about the situation in any detail, but nothing jumps
out at me from the manpage. You could do a denial of service thing by
kicking people off or endlessly rebooting the system, but intervention
to stop that should be easy enough. With reboot, you could require
fsck of the filesystem, plus any fallout from databases not stopping
properly, etc.

Of course, this is all (or should be) academic, since people in
"limited" admin groups like operator should be presumed able to
escalate to root. I think operator is allowed to run dump, among other
things. A big Windows security flaw is adding people to "Power Users,"
as if that stops anything beyond clumsy mistakes.

-- 
Rob Farmer