privilege escalation when canceling the low-graphics warning prompt

Bug #190370 reported by miketosh
Affects: displayconfig-gtk (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Michael Vogt

Bug Description

Running Ubuntu Gutsy 7.10
Only installed a couple days ago.
No system modifications, just base install from livecd

Shut down laptop and closed lid simultaneously (or really close to it)
plugged into docking station (that contains second pci video and an external monitor)
turn laptop on
get a warning that the display could not be determined, did I want to run in low-graphics mode
I click the shutdown button.
instead of shutting down, it just kills the gdm and gives back a root shell prompt
run 'whoami', answers with 'root'

miketosh (miketosh) wrote :

I noticed when I type `sudo shutdown now` at a terminal prompt, I get the same root shell after X shuts down. At least that asks for my password, but it could be related.

miketosh (miketosh) wrote :

I suspect it has to do with the behavior of "shutdown" when in runlevel 1.

Ted Gould (ted) wrote :

I was recently trying different kernels and chose one that I didn't have graphics drivers for, which caused me to boot up in low graphics mode. Upon realizing this, I clicked shutdown and got the root shell. This is a cold boot, never logged in, getting a root shell.

This is on up-to-date Hardy as of yesterday.

Changed in xorg:
importance: Undecided → High
status: New → Confirmed
Colin Watson (cjwatson) wrote :

Oreomike: Low graphics mode doesn't correspond to runlevel 1, though.

Bryce Harrington (bryce) wrote :

It's unclear from the comments so far which this "low graphics mode" is? By this is it meant the bulletproof-X mode, with the "select monitor and driver" GUI screen? Or is it some other mode?

Bryce Harrington (bryce) wrote :

<^-> [ted] bryce, I'm not sure of the correct name. It's when you have the screen to configure or shutdown.
<bryce> the one that shows a gui with some controls for selecting monitor and driver and so on?
<^-> [ted] bryce, no the one before that.

Bryce Harrington (bryce) wrote :

This seems to be the problematic code, in /usr/bin/xfailsafedialog:

    class FailSafeDialog:
        def __init__(self):
            self.options = FailSafeOptions()
            # Homage to glade
            gtk.window_set_default_icon_name("display-capplet")
            header = _("Ubuntu is running in low-graphics mode")
            msg = _("Your screen and graphics card could not be detected "
                    "correctly. To use higher resolutions, visual effects "
                    "or multiple screens, you have to configure the display "
                    "yourself.")
            ...
            dia.add_button(_("_Shut Down"), RESPONSE_SHUTDOWN)
            ...
            elif res == RESPONSE_SHUTDOWN:
                print "shutdown"
                os.system("/sbin/shutdown now")

Not sure why shutdown now is leaving the user at a prompt though. Anyone got an idea there?

xfailsafedialog is getting called via gksu:

    /usr/bin/gksu -u root "/usr/bin/xfailsafedialog"

However come to think of it, I've never seen the root password prompt. Anyone got a better solution that causes a password to be prompted for?

Re-filing to displayconfig-gtk since the primary issue seems localized to its code in any case.

Bryce Harrington (bryce) wrote :

Oh, and the fact that gdm is off is a red herring here - we temporarily disable it during the failsafe mode since otherwise it tries to handle the failure itself by displaying the text-mode "failed to configure X" message. Normally bulletproof-x then restarts gdm, but when the user clicks shutdown it sounds like the code to restart gdm isn't invoked.

Kees Cook (kees) wrote :

I am still unable to reproduce this bug -- does anyone have steps from a clean install to make this happen?

Note that the report says "root prompt" not "password prompt".

Michael Vogt (mvo) wrote :

I can reproduce this here on hardy, however it does not seem to be a displayconfig problem, more a problem with /sbin/shutdown. If I start hardy, open a terminal and type "sudo shutdown now" the tty that used to have gdm on it now has the friendly-recovery menu (/etc/event.d/rcS-sulogin).

/sbin/shutdown is part of upstart, the last hardy upload happened a while ago, so either this issue is around for some time or the actual problem is somewhere else.

miketosh (miketosh) wrote :

If I open a terminal on my laptop, and type shutdown now (not sure if I had to do sudo or not) then gdm shuts down, and I get a logged-in root shell.

Note that I'm running with the "automatically log on as <user>" setting, not sure if it is related. That is why I said it could be related to runlevel 1. Again though, not sure.

For me, the xfailsafedialog pops up if I boot up my laptop while docked with my laptop open and it can't determine which display (19" Docked LCD or 12" Laptop LCD) to use.

Kees Cook (kees) wrote :

Okay, got this happening now. I see:
init: rc1 main process (5553) killed by TERM signal

that's no good. :P I will try to get more details.

Michael Vogt (mvo) wrote :

I just got confirmation from Scott (upstart upstream) that it's indeed a bug in displayconfig to not run it with -r or -h. The default behavior of shutdown without additional options is to go into single user mode.

Michael Vogt (mvo)
Changed in displayconfig-gtk:
assignee: nobody → mvo
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package displayconfig-gtk - 0.3.9

---------------
displayconfig-gtk (0.3.9) hardy; urgency=low

  * xfailsafedialog:
    - call shutdown with "-h" (LP: #190370)

 -- Michael Vogt <email address hidden> Tue, 18 Mar 2008 17:39:33 +0100

Changed in displayconfig-gtk:
status: Fix Committed → Fix Released
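
The root cause identified in this thread is a root-run helper calling shutdown with no -r or -h, which drops to single-user mode. As an added example (not code from displayconfig-gtk or from anyone in this thread), this Python 3 sketch scans source for literal shutdown commands that lack such a flag; the function names, the sample source and the exact form of the fixed call are assumptions.

```python
import ast
import shlex

# Short options that give shutdown an explicit end state. -r and -h are the
# two named in the thread; -H and -P are the halt/power-off variants of -h.
END_STATE_FLAGS = set("rhHP")

def lacks_end_state(argv):
    """True if argv runs shutdown without a reboot/halt/power-off flag."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "shutdown":
        return False
    opts = [a for a in argv[1:] if a.startswith("-") and not a.startswith("--")]
    return not any(END_STATE_FLAGS & set(o[1:]) for o in opts)

def command_argv(call):
    """argv of any call whose first argument is a literal command, else None."""
    try:
        cmd = ast.literal_eval(call.args[0])
        argv = shlex.split(cmd) if isinstance(cmd, str) else list(cmd)
    except (ValueError, TypeError, IndexError):
        return None  # no arguments, or command built at run time
    return argv if all(isinstance(a, str) for a in argv) else None

def find_bare_shutdown(source):
    """Return (line, argv) for each literal shutdown call with no end state."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            argv = command_argv(node)
            if argv and lacks_end_state(argv):
                hits.append((node.lineno, argv))
    return sorted(hits)

# Constructed sample: line 3 is the call quoted in the thread, line 5 the
# assumed form of the 0.3.9 fix, line 7 a list-style call with no flag.
SAMPLE = '''import os, subprocess
def on_shutdown_before():
    os.system("/sbin/shutdown now")
def on_shutdown_after():
    os.system("/sbin/shutdown -h now")
def on_shutdown_list():
    subprocess.call(["/sbin/shutdown", "now"])
'''

if __name__ == "__main__":
    for line, argv in find_bare_shutdown(SAMPLE):
        print("line %d: '%s' has no -r/-h" % (line, " ".join(argv)))
```

On the constructed sample it reports lines 3 and 7 and accepts line 5. Long options such as --reboot are not recognised, so a command using only those would be reported as well.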
This report contains Public Security information  
Everyone can see this security related information.