On 08Nov2020 11:13, Dave Stevens <geek(a)uniserve.com> wrote:
On Sat, 7 Nov 2020 17:28:01 -0800
jdow <jdow(a)earthlink.net> wrote:
<stuff edited out>
and then others wrote
"The current console user is generally allowed to reboot the system."
why?? isn't that a giant security hole? just from mistakes, not to
mention malice.
Cannot the console user type Ctrl-Alt-Del anyway? So I'm not sure this
is of itself a security hole. Except in as much as it relies of software
correctly deducing the physical presence of the console user at the
console, and mucking that up would indeed be a security hole.
So I think of itself it seems half legit, but it increases the attack
surface.
Cheers,
Cameron Simpson <cs(a)cskk.id.au>