What is Not a Security Problem

May 29 2008

Security issues are discussed all over the web as if everyone cares. Actually, no one does. Anyway, amidst the fuss, we miss many simple things. Do not confuse features of software with security vulnerabilities. If a user has the privilege to shut down the computer, he can do it by running a script in the console, writing a piece of code to do it, or just clicking the shut down icon in the GUI. None of these features is a security vulnerability. It is not the way in which the user accomplishes a task that makes it a security vulnerability. The question is whether the user is entitled to do the job he is trying to do. Raymond Chen observes:

It is not a security vulnerability that users with permission to shut down the computer can shut down the computer. This is another example of people getting excited that they were able to do something unusual. But just because you can do something unusual doesn’t mean that you’ve found a security vulnerability.

So something is a security vulnerability only when you can do what you were not supposed to do. If you can do something that you are allowed to do, that is what is called… hmm… I don’t know… maybe you just don’t call it anything. You just continue with your work.
