Unprivileged user shutdown

Michael ODonnell michael.odonnell at comcast.net
Wed Oct 13 15:18:01 EDT 2004


>> You're concerned that somebody might be able to use
>> the "poweroff" user's credentials to gain other root
>> privileges?  I've not heard of a scenario where this
>> would be a problem.
>
>The man page for su shows an option for changing the default shell that
>is run, "-s". I assume the risk here would be if one of these users were
>to run "su <shutdownacct> -s /bin/bash" and use the shutdown account's
>password to obtain an unrestricted root shell. I've never tried this so
>I'm not sure if that would work.


The attack you described was anticipated:

  NOTES
    The -m, -p and -s options are restricted by the target
    user's shell being listed in /etc/shells.  If it's
    not listed, then it's assumed to be a restricted
    account, a normal su is performed, and those options
    are ignored silently.


>Perhaps a better solution would be to set up a normal user account
>(i.e., not uid=0) and give this user sudo access to run shutdown?

That works, too.
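
An audit of the condition the quoted NOTES section depends on, as an added example that is not part of the original post: it lists every UID-0 account other than root and reports whether its login shell appears in the shells file, which is what decides whether su honours -s. The function name, the account names and the file contents are constructed for illustration; on a real system pass /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# audit_uid0 PASSWD_FILE SHELLS_FILE
# Prints "<name> <shell> restricted|unrestricted" for each UID-0 account other
# than root. "restricted" means the login shell is not listed in SHELLS_FILE,
# the case in which the su man page says -m, -p and -s are silently ignored.
audit_uid0() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the list of valid login shells, skipping comments and blanks.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") listed[line] = 1
            }
            close(shells)
        }
        /^#/ || NF < 7 { next }            # skip comments and malformed entries
        $3 == 0 && $1 != "root" {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5): empty means /bin/sh
            state = (shell in listed) ? "unrestricted" : "restricted"
            print $1, shell, state
        }
    ' "$1"
}

# Demo on constructed sample files (not taken from any real host).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
poweroff:x:0:0:shutdown account:/:/sbin/poweroff
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$dir/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/bash
EOF
    audit_uid0 "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

Any account reported as unrestricted is one whose password gives a root shell through su -s; a shutdown-only account should always show as restricted.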
 


