Date:      Mon, 10 Apr 2000 16:51:13 -0400 (EDT)
From:      The AnarCat <beaupran@iro.umontreal.ca>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/17910: Do not allow 'operators' to drop to single user via shutdown
Message-ID:  <20000410205113.4E0C219BC@anarcat.dyndns.org>


>Number:         17910
>Category:       bin
>Synopsis:       Do not allow 'operators' to drop to single user via shutdown
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 10 14:00:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Anarcat
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
>Environment:

        FreeBSD 3.4-1999.11.01

>Description:

        The shutdown(8) utility can be used to stop the system so that
it drops to single-user mode, by any user in the operator group. This
situation may not be desirable in the case of "public" workstations. 

For example, say you have some workstations of which the only access is
through the keyboard and monitor. You do not wish to have any user have
root access on these boxes. A user may shutdown(8) the machine, if he's
got the permissions (operator group membership in the default setup) but
should never have single-user access (this also implies that the console
is marked "secure" in /etc/ttys, of course).

>How-To-Repeat:

        User john is in the "operator" group:

login: john
password: 
$ shutdown now
[single user mode]

>Fix:
	
Patch to sbin/shutdown.c:

*** /usr/src/sbin/shutdown/shutdown.c.orig	Thu Sep  9 22:09:39 1999
--- /usr/src/sbin/shutdown/shutdown.c	Mon Apr 10 16:33:27 2000
***************
*** 163,168 ****
--- 163,172 ----
  	if (nosync != NULL && !oflag)
  		usage("-n requires -o");
  
+          /* do not allow anyone else than root to drop to single user */
+         if ((!dohalt) && (!doreboot) && (getuid() != 0))
+                 usage("only root can drop to single user");
+         
  	getoffset(*argv++);
  
  	if (*argv) {
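
Review bot: The added test, if ((!dohalt) && (!doreboot) && (getuid() != 0)), reports the refusal through usage(), the same path the context lines use for option errors such as "-n requires -o", so a correctly formed "shutdown now" from a non-root operator is answered as if it were a syntax error. A permission failure would be clearer with its own error message and exit path. The test also makes the restriction unconditional for every installation, while the report says the behaviour "may not be desirable" on public workstations only, so consider putting it behind a build-time or configuration option. Style: the added lines are indented with spaces where the surrounding context uses tabs, the comment has a stray leading space, and the added blank line carries trailing whitespace.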



>Release-Note:
>Audit-Trail:
>Unformatted:

