Remote shutdown vulnerability ?

John Jolet john at
Sun Dec 3 01:28:15 UTC 2006

On Dec 2, 2006, at 7:24 PM, Gabriel Dragffy wrote:

> On Sat, 2006-12-02 at 15:27 +0000, Mike Zeinz wrote:
>> Hello,
>>           I'm writing to this ML to report a dirty scene that  
>> happened
>> to me.
>>           I have ubuntu edgy installed in a machine located at  
>> room A.
>>           Now, someone calls me to go to room B and locked me in  
>> that room
>>           that have a machine running Windows. I really don't  
>> remember
>> if I've
>>           locked my machine in room A somehow with xlock or locked my
>> terminal..
>>           For security reasons I decided to download putty and  
>> access my
>> machine
>>           in room A and shutdown with `sudo shutdown now`.
>>           The thing was when I came back to my machine it wasn't off,
>> and worst
>>           it had root at bob# terminal opened.
>>           What went wrong?
>>             Did I shut down the machine incorrectly?
>>             Is this a flaw? (...)
>>             What else can originate this flaw?
>>             How can I solve the problem?
>> Regards,
>>                 Mike.
> I'm not sure exactly, but I always successfully shut down using:
> sudo shutdown -hP now
I've had problems before with shutdown via sudo, not just on ubuntu.   
also on gentoo and redhat.  sudo su - first, then poweroff.

More information about the ubuntu-users mailing list