From: Rob Farmer
To: Adam Vande More
Cc: freebsd-stable@freebsd.org
Date: Thu, 9 Dec 2010 23:10:59 -0800
Subject: Re: /sbin/reboot

On Thu, Dec 9, 2010 at 22:46, Adam Vande More wrote:
> shutdown also gives operator more possibilities than a clean shutdown some of
> which could be very bad.
>

I haven't thought about the situation in any detail, but nothing jumps out at me from the manpage. You could do a denial of service thing by kicking people off or endlessly rebooting the system, but intervention to stop that should be easy enough. With reboot, you could require fsck of the filesystem, plus any fallout from databases not stopping properly, etc.
Of course, this is all (or should be) academic, since people in "limited" admin groups like operator should be presumed able to escalate to root. I think operator is allowed to run dump, among other things. A big Windows security flaw is adding people to "Power Users," as if that stops anything beyond clumsy mistakes.

--
Rob Farmer