On Fri, 2003-03-14 at 17:07, Vincent Danen wrote: > On Fri Mar 14, 2003 at 03:11:24PM +0000, Adam Williamson wrote: > > > Not entirely. You also have to lock your case shut somehow to stop > > someone opening it up and flicking the BIOS reset... > > > > Anyway, in regards to the original bug, this isn't purely a local > > exploit, surely? Doesn't it also apply to someone ssh'ing in from a > > remote site? i.e., I could give a simple user account to someone in > > Australia, thinking it's safe, and they could then ssh in and use this > > exploit to get a root shell? > > No. This is a console-only thing, driven by pam. pam only allows users at > a physical console access to this. Same with halt and reboot, which act as > expected.
Aha, good. :) -- adamw
