In article <[EMAIL PROTECTED]>, Brian May <[EMAIL PROTECTED]> wrote: >It looks like (to me) that making shutdown setuid root means anybody >can shutdown the computer, from any location, as /etc/shutdown.allow >is only checked when -a is passed. Am I wrong?
No, that is correct. Shutdown wasn't really designed to be run setuid. It might have 1 or 2 buffer overruns as well so you *really* don't want to make it setuid root. >If I am wrong, then the documentation should be corrected for this >special case. No need to, the documentation is correct as well. Mike.
