On Wed, Dec 06, 2017 at 10:52:17PM +0100, Urs Thuermann wrote:
> Yesterday, my 10 years old son logged into my laptop running Debian
> jessie using his account, and curiously asked if he is allowed to try
> the /sbin/reboot command. Knowing I have a Linux system as opposed to
> some crappy Win machine, I replied "sure, go ahead and try". Seconds
> later I was completely shocked when the machine actually rebooted...
>
I just tried this (in a VM) and was shocked to find that it works.

> Of course, my son doesn't have any special privileges, no entry in
> /etc/sudoers, etc. But then I see
>
> $ ls -l /sbin/reboot
> lrwxrwxrwx 1 root root 14 Apr 8 2017 /sbin/reboot -> /bin/systemctl
> $ ls -l /bin/systemctl
> -rwxr-xr-x 1 root root 538904 Apr 8 2017 /bin/systemctl
> $ dpkg -S /bin/systemctl
> systemd: /bin/systemctl
>
Here are the other things in /sbin symlinked to systemctl:

$ ls -l /sbin/ |grep systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 halt -> /bin/systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 poweroff -> /bin/systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 reboot -> /bin/systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 runlevel -> /bin/systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 shutdown -> /bin/systemctl
lrwxrwxrwx 1 root root 14 Jul 5 16:31 telinit -> /bin/systemctl

> The /bin/systemctl binary is not suid root, so I assume[1] it
> communicates to systemd which then reboots the machine without
> checking what user the request comes from.
>
> I wonder how can such a severe bug make it into a Debian stable
> distribution? And is this just an insane default setting on Debian's
> side or is it yet another instance of brain-dead systemd behavior?
>
I too consider this a rather serious bug. However, I do not see any
evidence in the BTS [0] that such a bug has yet been reported against
systemd.

> Searching the man pages I couldn't find a way to fix this. How can
> that be stopped?
>
I wonder the same thing.

Regards,

-Roberto

[0] https://bugs.debian.org/src:systemd

--
Roberto C. Sánchez