shutdown/reboot now require membership of group _shutdown

Contributed by rueda on from the cleanliness dept.

Theo de Raadt (deraadt@) committed changes which result in the shutdown(8) and reboot(8) commands (in -current) requiring membership of the (new) group "_shutdown". The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2023/06/19 07:05:25

Modified files:
	etc            : group 
	sbin/shutdown  : Makefile shutdown.8 

Log message:
The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes).  This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s).  Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.

The xfce port has already been modified to accommodate this.

It is entirely possible other ports need to be updated too, so please test your favorite (and maybe some not-so-favorite) software on the latest snapshot you can get your hands on!
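
An added example (not from the commit or the OpenBSD tree): a POSIX sh check that reads a group(5) file and lists accounts still in "operator" but absent from "_shutdown", which are the accounts the commit message expects to move. The sample entries, user names and the gid shown for _shutdown are constructed.

```shell
#!/bin/sh
# Added example: audit a group(5) file after the operator -> _shutdown split.

# has_group FILE GROUP: succeed if GROUP is defined in FILE.
has_group() {
    awk -F: -v g="$2" '$1 == g { found = 1 } END { exit !found }' "$1"
}

# operator_only FILE: print users listed in "operator" but not in "_shutdown".
# Only the member list (4th field) is checked, not primary gids in passwd.
# root is skipped: it can run shutdown without any group membership.
operator_only() {
    awk -F: '
        $1 == "operator"  { n = split($4, op, ",") }
        $1 == "_shutdown" { k = split($4, sd, ",")
                            for (i = 1; i <= k; i++) seen[sd[i]] = 1 }
        END { for (i = 1; i <= n; i++)
                  if (op[i] != "" && op[i] != "root" && !(op[i] in seen))
                      print op[i] }
    ' "$1"
}

# audit FILE: print one line per finding.
audit() {
    has_group "$1" _shutdown ||
        echo "$1: no _shutdown group yet (etc/group change not merged)"
    for u in $(operator_only "$1"); do
        echo "$1: $u is in operator (disk device access), not in _shutdown"
    done
}

# make_sample FILE: constructed entries; users and the _shutdown gid are made up.
make_sample() {
    cat > "$1" <<'EOF'
wheel:*:0:root,alice
operator:*:5:root,alice,bob
_shutdown:*:999:alice
EOF
}

sample=$(mktemp) && make_sample "$sample" && audit "$sample"
rm -f "$sample"
```

Each account it reports needs a decision: move it to _shutdown if it only needs shutdown/reboot, and drop it from operator unless it really needs the device access that group carries.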

