[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected

[whoop]

1. Yes
2. I can reproduce it via the following steps:
*Boot xubuntu Karmic 32 bit (with openssh service running) login with an account with restricted rights (no sudo etc.).
*Boot another machine (in my case Ubuntu karmic 64bit). Use this machine to connect with xubuntu machine via ssh. Enter sudo bash within the ssh session to create elevated privileges on the remote (xubuntu) machine.
*Shut down the xubuntu machine via the menu (GUI desktop) with the restricted account.

The following two things happen on my end:
1The machine shuts down, obviously stopping the ssh connection and kicking the user with elevated privileges out. (this was not the case in previous versions and is hazardous, what if the ssh connection is doing important stuff etc.)
2The machine does not shut down but displays a GUI password dialog, and the restricted account is not able to shut down even if the user with elevated privileges disconnects. (So now all of a sudden you need to login as a unrestricted user to be able to shutdown the machine).

-- 
User with restricted rights is able to shutdown machine while ssh superuser is connected
https://bugs.launchpad.net/bugs/441669
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.