Unprivileged user shutdown
Michael ODonnell
michael.odonnell at comcast.net
Wed Oct 13 15:18:01 EDT 2004
>> You're concerned that somebody might be able to use
>> the "poweroff" user's credentials to gain other root
>> privileges? I've not heard of a scenario where this
>> would be a problem.
>
>The man page for su shows an option for changing the default shell that
>is run, "-s". I assume the risk here would be if one of these users were
>to run "su <shutdownacct> -s /bin/bash" and use the shutdown account's
>password to obtain an unrestricted root shell. I've never tried this so
>I'm not sure if that would work.
The attack you described was anticipated:
NOTES
The -m, -p and -s options are restricted by the target
user's shell being listed in /etc/shells. If it's
not listed, then it's assumed to be a restricted
account, a normal su is performed, and those options
are ignored silently.
>Perhaps a better solution would be to set up a normal user account
>(ie, >not uid=0) and give this user sudo access to run shutdown?
That works, too.
More information about the gnhlug-discuss
mailing list