From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-163300-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 8F3B9138CCD
	for <garchives@archives.gentoo.org>; Sun, 29 Mar 2015 19:20:55 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3F0AEE0AD9;
	Sun, 29 Mar 2015 19:20:51 +0000 (UTC)
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id 31E3AE0AC4
	for <gentoo-user@lists.gentoo.org>; Sun, 29 Mar 2015 19:20:50 +0000 (UTC)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtIMAGvvdVRo3n5A/2dsb2JhbAA3HYE2oW+BCIF1AQEEATocKAsLIRMSDwUlN4gAohGMNRAIAgICGgMBAoM+Aw4BAyoWgjtjBI1Vh2GFbY0Y
X-IPAS-Result: AtIMAGvvdVRo3n5A/2dsb2JhbAA3HYE2oW+BCIF1AQEEATocKAsLIRMSDwUlN4gAohGMNRAIAgICGgMBAoM+Aw4BAyoWgjtjBI1Vh2GFbY0Y
X-IronPort-AV: E=Sophos;i="5.01,1,1400040000"; 
   d="scan'208";a="114896342"
Received: from 104-222-126-64.cpe.teksavvy.com (HELO waltdnes.org) ([104.222.126.64])
  by ironport2-out.teksavvy.com with SMTP; 29 Mar 2015 15:20:48 -0400
Received: by waltdnes.org (sSMTP sendmail emulation); Sun, 29 Mar 2015 19:20:47 -0400
From: "Walter Dnes" <waltdnes@waltdnes.org>
Date: Sun, 29 Mar 2015 19:20:47 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How to poweroff the system from user?
Message-ID: <20150329232047.GA11270@waltdnes.org>
References: <20150321152656.a82a84b3e8a32c8b68554548@gmail.com>
 <2098241.ygyfAjpUPx@wstn>
 <CAGQH77fpLWRqxMAp_wBo_aGk9GE7km-s_GPbvsLmTugX40AAsg@mail.gmail.com>
 <23787818.Bd5keXIqRP@wstn>
 <87lhigqe2n.fsf@heimdali.yagibdah.de>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87lhigqe2n.fsf@heimdali.yagibdah.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Archives-Salt: 7acff732-216b-463a-b7c7-651f43545c6d
X-Archives-Hash: 6383894c21d3cae9b054fa0189042217

On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote

> That leaves the question why a user who isn't even logged in should
> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del.
> Such users shouldn't be allowed to do anything but to log in.

  As the old saying goes... "If you don't have physical security, you
don't have any security".  A malicious person at the physical keyboard
of the machine could just as easily yank the power cord of out of the
wall, insert a USB key into the machine, plug the machine back in, boot
up from the USB key, and copy over malicious binaries.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications