According to Tomasz Wêgrzanowski: > > Note that 'shutdown' was NOT designed to be run setuid - for all > > I know it's full of grave security holes if you do. You then not > > only gave the people in the group 'power' permission to shut down > > the machine, you just granted them root access as well ... > > I see some possibilities to make a mess with suid shutdown but not > much more mess than with turning power off by button > but if you know any exploits of suid shutdown of which I dont know > please tell me (Ive found nothing in manpages)
Well it would be a bit weird if root-exploits were described in manpages wouldn't it ;) But the source might contain a buffer overflow exploit, or another exploit. Yes, I wrote the code myself, and there is even a comment in the code about running setuid in a special group. But in my experience _every_ setuid program has at least one hole, no matter how careful you are. Avoiding setuid programs (esp. setuid root) is important. If you still consider doing this, at least 2 different experienced people should audit the program you want to make setuid (shutdown) to see if there are no security problems involved. Mike. -- First things first, but not necessarily in that order.
