[7308] in bugtraq


Re: Security risk with powermanagement on Solaris 2.6

daemon@ATHENA.MIT.EDU (Lars-Erik Johansson)
Mon Jul 20 18:40:14 1998

Date: 	Fri, 17 Jul 1998 14:12:52 +0200
Reply-To: Lars-Erik Johansson <lej@ALGO.NET>
From: Lars-Erik Johansson <lej@ALGO.NET>
X-To:         "Ralf Lehmann ralfl@darwin.muc.de" <ralfl@DARWIN.MUC.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199807162046.WAA01173@darwin.muc.de>

On Thu, 16 Jul 1998, Ralf Lehmann ralfl@darwin.muc.de wrote:

> Recently we found a security risk caused by powermanagement on Solaris
> 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I
> haven't tested it.
Come to think of it I think I saw that exact behaviour in 2.5 too.

> I haven't found a bug description or patch from Sun. The only workaround
> is not to use Powermanagement with a desktop. But who is using
> powermanagement anyway?
I've been using powermanager on my sparc at home for 2-3 years now. Very
useful when you want to switch off the noise without having to close all
the applications.

I have another interesting aspect of Powermanager. In Solaris 2.6
powermanager is now installed by default including the setuid program
usr/openwin/bin/sys-suspend which can be used by any user to suspend the
machine and turn off the power. I think this is scary...

/lej

 ////  | Dyslexics    |
|--00  | of the world |
C   ^  | UNTIE!       |
 \ ~/  ~~~|~~~~~~~~~~~
  | |-----3
