I was updating an Xubuntu 32-bit Karmic machine with an Ubuntu 64-bit Karmic machine via ssh and elevated privileges (sudo bash).
A user with a restricted account was able to shut down the Xubuntu machine while this ssh session was running. This was not the case in Jaunty. The Xubuntu machine reported a dpkg interruption after I restarted it.
This problem is reproducible most of the time, but it happened once that the Xubuntu machine asked for a password before shutting down. Even if the right password was given, it wouldn't shut down (which isn't much of a problem, because in my opinion it should never shut down when a superuser is logged in). But once the superuser had logged out, the machine still wouldn't shut down (which is a problem again)...
I am not sure which package is to blame here, so I opted for ssh (but it could also be something to do with user privileges or shutdown procedures etc.).
I also wasn't sure if this was a security issue. It's not an exploit or something, but it could get quite ugly if stuff like this can happen.
Date: Sat Oct 3 21:23:23 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: vmnet vmci vmmon nvidia
Package: ssh (not installed)
ProcVersionSignature: Ubuntu 2.6.31-11.38-generic
Uname: Linux 2.6.31-11-generic x86_64