Subject: 'shutdown' setuid?
To: None <>
From: Steve Bellovin <>
List: netbsd-users
Date: 12/03/2002 23:05:08
Why is /sbin/shutdown setuid root on 1.6 and -current?  (I haven't checked
any other versions.)  The code ensures that it's running as root, which 
is reasonable -- but if it's setuid, it always will be.

(I agree that on single-user machines, it's a reasonable thing to do.  
But the owner can do that on a per-machine basis.)

		--Steve Bellovin, (me) ("Firewalls" book)