On Wed, Dec 06, 2017 at 10:48:11PM +0000, Brian wrote: > On Wed 06 Dec 2017 at 22:52:17 +0100, Urs Thuermann wrote: > > > Yesterday, my 10 years old son logged into my laptop running Debian > > jessie using his account, and curiously asked if he is allowed to try > > the /sbin/reboot command. Knowing I have a Linux system as opposed to > > some crappy Win machine, I replied "sure, go ahead and try". Seconds > > later I was completely shocked when the machine actually rebooted... > > > > Of course, my son doesn't have any special privileges, no entry in > > /etc/sudoers, etc. But then I see > > He is privileged because he has physical access to the machine. > Not necessarily. It is falacious to assume that someone logging in via display manager or TTY has physical access.
-- Roberto C. Sánchez