[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
Thank you for this report and the additional information supplied. Is this still an issue with the final release of Xubuntu 9.10? ** Changed in: openssh (Ubuntu) Status: New = Incomplete -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
Yes it is... ** Changed in: openssh (Ubuntu) Status: Incomplete = New -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
Thanks for the fast reply. Based on the above information and attachments, I am confirming this bug. There should be enough information for the developers to begin work to resolve this issue. Thanks for helping improve Xubuntu. ** Changed in: openssh (Ubuntu) Status: New = Triaged -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions: 1. Is this reproducible? 2. If so, what specific steps should we take to recreate this bug? Be as detailed as possible. This will help us to find and resolve the problem. ** Changed in: openssh (Ubuntu) Importance: Undecided = Low ** Changed in: openssh (Ubuntu) Status: New = Incomplete -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
1. Yes 2. I can reproduce it via the following steps: *Boot xubuntu Karmic 32 bit (with openssh service running) login with an account with restricted rights (no sudo etc.). *Boot another machine (in my case Ubuntu karmic 64bit). Use this machine to connect with xubuntu machine via ssh. Enter sudo bash within the ssh session to create elevated privileges on the remote (xubuntu) machine. *Shut down the xubuntu machine via the menu (GUI desktop) with the restricted account. The following two things happen on my end: 1The machine shuts down, obviously stopping the ssh connection and kicking the user with elevated privileges out. (this was not the case in previous versions and is hazardous, what if the ssh connection is doing important stuff etc.) 2The machine does not shut down but displays a GUI password dialog, and the restricted account is not able to shut down even if the user with elevated privileges disconnects. (So now all of a sudden you need to login as a unrestricted user to be able to shutdown the machine). -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
** Changed in: openssh (Ubuntu) Status: Incomplete = New -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
On Wed, Oct 14, 2009 at 02:54:36PM -, whoop wrote: 1The machine shuts down, obviously stopping the ssh connection and kicking the user with elevated privileges out. (this was not the case in previous versions and is hazardous, what if the ssh connection is doing important stuff etc.) Could you confirm which previous version had a different behavior? What was happening then? status incomplete -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
** Changed in: openssh (Ubuntu) Status: New = Incomplete -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
I don't know what exact version. With previous version I mean Jaunty (and Intrepid, and hardy, and gutsy). The behaviour was different: If the restricted user tried to shutdown (the local machine) while a remote user(with elevated privileges) was logged in, the restricted user would get a dialog staing the system could not be shut down because an elevated user was using the machine. Once the elevated user was logged out the restricted user could shut down the machine... ** Changed in: openssh (Ubuntu) Status: Incomplete = New -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 441669] Re: User with restricted rights is able to shutdown machine while ssh superuser is connected
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- User with restricted rights is able to shutdown machine while ssh superuser is connected https://bugs.launchpad.net/bugs/441669 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
