From owner-freebsd-bugs Mon Apr 10 14: 0: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 4896337BAD5 for ; Mon, 10 Apr 2000 14:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA07379; Mon, 10 Apr 2000 14:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20]) by hub.freebsd.org (Postfix) with ESMTP id 8968237B6A9 for ; Mon, 10 Apr 2000 13:52:06 -0700 (PDT) (envelope-from spidey@anarcat.dyndns.org)
Received: by anarcat.dyndns.org (Postfix, from userid 1000) id 4E0C219BC; Mon, 10 Apr 2000 16:51:13 -0400 (EDT)
Message-Id: <20000410205113.4E0C219BC@anarcat.dyndns.org>
Date: Mon, 10 Apr 2000 16:51:13 -0400 (EDT)
From: The AnarCat
Reply-To: The AnarCat
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/17910: Do not allow 'operators' to drop to single user via shutdown
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 17910
>Category: bin
>Synopsis: Do not allow 'operators' to drop to single user via shutdown
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 10 14:00:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Anarcat
>Release: FreeBSD 3.4-STABLE i386
>Organization:
>Environment: FreeBSD 3.4-1999.11.01
>Description:
The shutdown(8) utility can be used to stop the system so that it drops to single-user mode, by any user in the operator group. This situation may not be desirable in the case of "public" workstations. For example, say you have some workstations of which the only access is through the keyboard and monitor. You do not wish to have any user have root access on these boxes.
A user may shutdown(8) the machine, if he's got the permissions (operator group membership in the default setup) but should never have single-user access (this also implies that the console is marked "secure" in /etc/ttys, of course). >How-To-Repeat: User john is in the "operator" group: login: john password: $ shutdown now [single user mode] >Fix: Patch to sbin/shutdown.c: *** /usr/src/sbin/shutdown/shutdown.c.orig Thu Sep 9 22:09:39 1999 --- /usr/src/sbin/shutdown/shutdown.c Mon Apr 10 16:33:27 2000 *************** *** 163,168 **** --- 163,172 ---- if (nosync != NULL && !oflag) usage("-n requires -o"); + /* do not allow anyone else than root to drop to single user */ + if ((!dohalt) && (!doreboot) && (getuid() != 0)) + usage("only root can drop to single user"); + getoffset(*argv++); if (*argv) { >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
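
Review bot: The check added before getoffset(*argv++) decides that a request is a drop to single user only from "(!dohalt) && (!doreboot)", so a non-root operator is also refused any other invocation that sets neither of those two flags; it would be safer to list explicitly the modes that stay allowed for non-root callers, or to test for the single-user case directly. The refusal is a permission error, not a syntax error, so reporting it through usage("only root can drop to single user") is misleading; exiting with the error message alone, without the usage text, would be clearer. Because this changes what operator-group members can do on every installation, the shutdown(8) manual page should document it in the same change. The comment would also read better as "do not allow anyone other than root to drop to single user".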