Remote shutdown vulnerability ?
john at jolet.net
Sun Dec 3 01:28:15 UTC 2006
On Dec 2, 2006, at 7:24 PM, Gabriel Dragffy wrote:
> On Sat, 2006-12-02 at 15:27 +0000, Mike Zeinz wrote:
>> I'm writing to this ML to report a dirty scene that
>> to me.
>> I have ubuntu edgy installed in a machine located at
>> room A.
>> Now, someone calls me to go to room B and locked me in
>> that room
>> that have a machine running Windows. I really don't
>> if I've
>> locked my machine in room A somehow with xlock or locked my
>> For security reasons I decided to download putty and
>> access my
>> in room A and shutdown with `sudo shutdown now`.
>> The thing was when I came back to my machine it wasn't off,
>> and worst
>> it had root at bob# terminal opened.
>> What went wrong?
>> Did I shut down the machine incorrectly?
>> Is this a flaw? (...)
>> What else can originate this flaw?
>> How can I solve the problem?
> I'm not sure exactly, but I always successfully shut down using:
> sudo shutdown -hP now
I've had problems before with shutdown via sudo, not just on ubuntu.
also on gentoo and redhat. sudo su - first, then poweroff.
More information about the ubuntu-users