On Sun, Nov 08, 2020 at 12:05:14PM -0800, Dave Stevens wrote: > Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > > On Sun, Nov 08, 2020 at 11:13:31AM -0800, Dave Stevens wrote: > > > "The current console user is generally allowed to reboot the > > > system." why?? isn't that a giant security hole? just from > > > mistakes, not to mention malice. > > What is the attack scenario you are envisioning here for this to be a > > security issue? > denial of service? Turning of your own machine is technically a denial of service, sure. But as the headline issue here shows, you're prompted for authentication if another account is logged in. (This is the case for example when user-switching to share a machine, or when someone is logged in remotely.) If you do have a system where physical login access is available but the machine is also acting as a server, and you don't have 100% trust for the people with that physical access, you should configure the system to be more locked-down in a variety of ways, including this one. -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx