| Summary: | a malicious user can shutdown/reboot the machine (from GDM/KDM) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Manuel Hiebel <manuel.mageia> |
| Component: | RPM Packages | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | anaselli, davidwhodgins, ftg |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
I confirm, and the reproducible case is even simpler. Anyone can shut down the system from the GDM screen, whether he's a valid user or not. Just click the shutdown widget. The proper way to handle this probably involves some consideration of auto-login.

CC: (none) => ftg

Maybe we can change that with msec; I will check with a proper install in a VM. My OS is an upgrade from Mandriva.

While I believe it can be disabled in msecgui, Security Settings, System security, what's to stop that person from holding down the power button, which is even more dangerous? If a system is not physically secure, there is no way to ensure it won't be damaged. Encryption can ensure they can't read the data, but nothing can stop them from wiping the hard drive. A CMOS boot password can always be bypassed. There are some hard drives that require a password for access, but those are rare.

CC: (none) => davidwhodgins

You can have physically secured systems and still be vulnerable to this sort of attack via XDMCP, which gives a similar DM login screen to a remote user. GDM used to be configurable to enable XDMCP, but then the GNOME Gods decided to do their usual "let's rewrite it from scratch and eliminate 90% of the function" crap, and there is no longer a visible way to enable XDMCP. I don't know if KDM still allows this. If they do, then this is still an issue. A remote DM user being able to shut down the system is more of a problem than a physically local user being able to hit the power button.

If you change your security setting to secure, no one should be able to shut down the system using graphics. I can't see why we should have a user-oriented desktop and need a root password to switch it off. I can imagine the IT manager going to every worker's PC to give the root password and switch them off :D BTW you need to hide the power supply as well to avoid unplugging the socket :D LOL (sorry, I couldn't resist)

CC: (none) => anaselli

I agree that there are simpler ways to turn off or attack the machine. :) But it may well be unintentional, such as a user who does not know that a session is still open. So:

- if just one session is open > the user can shut down
- if two or more sessions are open > disallow the shutdown

As long as it's controllable by msecgui, I agree that defaulting to the current behavior makes sense. @Manuel, GDM at least prompts you about open console sessions. I've never tried to shut down via GUI with an active desktop, so I don't know if it picks that up. Some of the DMs include a shutdown option in the System menu dropdown, and IIRC these prompt for the root password. This should probably be made consistent.

(A malicious user who has physical access to the machine could just yank the power cord out of the wall, or apply a baseball bat to the monitor/case/keyboard, just saying...).

OK, so closing the bug as wontfix.

Status: NEW => RESOLVED

Description of problem:

If we lock a screen or open a new session for a person, that person can turn off / restart the machine and therefore break the current job.

Steps to Reproduce:

you: lock the screen

a malicious/without-thought user:

1. Switch user
2. In GDM/KDM press restart/shutdown
3. There is just a little warning

Tested with KDM/KDE in a VM and GDM/Gnome with my laptop.

In Debian with GDM/Gnome the OS asks for the root password; a similar behavior could solve this.

Thanks and sorry for my bad English