http://qa.mandrakesoft.com/show_bug.cgi?id=408
------- Additional Comments From [EMAIL PROTECTED] 2003-03-13 15:43 ------- I don't have a Mandrake Box anymore to test the Bugfix but in Version 8.2 I could not solve the problem by removing /usr/bin/shutdown. If I made a symlink to the userhelper or consolehelper (not sure) with the name shutdown and them typed "./shutdown now" I had the same problem. As I said, I didn't test the fix but I just wanted to make sure that the bug doesn't remain in Mandrake. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: RESOLVED creation_date: description: if you type shutdown now as user, your system switches to runlevel 1 and you get a root-shell without any root-password query. That's a major security problem which brings Mandrake Linux in security-state compareable with windows. The Redhat Announcement from two years ago: http://www.linuxsecurity.com/advisories/redhat_advisory-673.html
