Bugtraq mailing list archives
Re: Security risk with powermanagemnet on Solaris 2.6
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 21 Jul 1998 10:32:48 +0200
Recently we found a security risk caused by powermanagement on Solaris 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I haven't tested it.
Come to think of it I think I saw that exact behaviour in 2.5 too.
Ever since power management was first supported, in 2.4.
I haven't found a bug description or patch from Sun. The only workaround is not to use Powermanagement with a desktop. But who is using powermanagement anyway?
Not many people until 2.6, when it became part of the standard OS.
I've been using powermanager on my sparc at home for 2-3 years now. Very useful when you want to switch off the noise without having to close all the applications.
Same here.
I have another interesting aspect of Powermanager. In Solaris 2.6 powermanager is now installed by default including the setuid program usr/openwin/bin/sys-suspend which can be used by any user to suspend the machine and turn off the power. I think this is scary...
sys-suspend can be disabled using its configuration files.

BTW, the workaround for the type to xlock problem would be:

    xlock & sleep 2 ; sys-suspend -xfn

The actual problem is that xlock gets started after sys-suspend resumes; it should be started beforehand.

Casper