[7329] in bugtraq
Re: Security risk with powermanagemnet on Solaris 2.6
daemon@ATHENA.MIT.EDU (Brad Powell)
Tue Jul 21 14:03:27 1998
Date: Mon, 20 Jul 1998 15:36:39 -0700
Reply-To: Brad Powell <Brad.Powell@ENG.SUN.COM>
From: Brad Powell <Brad.Powell@ENG.SUN.COM>
X-To: lej@ALGO.NET
To: BUGTRAQ@NETSPACE.ORG
lej writes to bugtraq:
>From: Lars-Erik Johansson <lej@ALGO.NET>
>Subject: Re: Security risk with powermanagemnet on Solaris 2.6
>To: BUGTRAQ@NETSPACE.ORG
more text deleted
>I have another interesting aspect of Powermanager. In Solaris 2.6
>powermanager is now installed by default including the setuid program
>usr/openwin/bin/sys-suspend which can be used by any user to suspend the
>machine and turn off the power. I think this is scary...
Not so. Who is allowed to run sys-suspend (according to the man page) is
controlled by the configuration file /etc/default/sys-suspend. The default is
PERMS=console-owner
thus only the "console owner" can suspend the system. If an intruder
has physical access to the console, then yes he/she could use sys-suspend.
But then you have bigger problems imho :-) :-\
I'd agree that the default configuration should probably be
PERMS= -
or
PERMS=root
Editing by hand or a simple Titan script would fix this.
=======================================================================
Brad Powell : brad.powell@Sun.COM
Sr. Network Security Architect
Sun Microsystems Inc.
=======================================================================
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
=======================================================================
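
The check and edit described in the message above, as POSIX shell functions (an added example, not from the original message and not a Titan module). The function names are hypothetical, the only PERMS values assumed are the three the post names, and whitespace after `=` is tolerated on the assumption that "PERMS= -" and "PERMS=-" mean the same thing.

```shell
#!/bin/sh
# Added example, not from the original post. Functions take the file path as
# an argument so they can be tried on a copy before /etc/default/sys-suspend.

# perms_value FILE: print the value of the last active (uncommented) PERMS=
# line with surrounding whitespace stripped, so "PERMS= -" yields "-".
perms_value() {
    sed -n 's/^[[:space:]]*PERMS[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -1
}

# audit_perms FILE: classify the setting. Returns 0 only for the two values
# the post recommends ("-" or "root").
audit_perms() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    value=$(perms_value "$1")
    case "$value" in
        -|root)        echo "restricted";    return 0 ;;
        console-owner) echo "console-owner"; return 1 ;;
        "")            echo "unset";         return 1 ;;
        *)             echo "other:$value";  return 1 ;;
    esac
}

# harden_perms FILE [VALUE]: replace every active PERMS line with VALUE
# (default "-"), keeping comments, the file's mode/owner and a .orig backup.
harden_perms() {
    file=$1
    new=${2:--}
    case "$new" in -|root) ;; *) echo "refusing value: $new" >&2; return 1 ;; esac
    tmp="$file.new.$$"
    { grep -v '^[[:space:]]*PERMS[[:space:]]*=' "$file"; echo "PERMS=$new"; } > "$tmp" || return 1
    cp -p "$file" "$file.orig" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# demo: both steps on a constructed sample file in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'PERMS=console-owner' > "$d/sys-suspend"
    audit_perms "$d/sys-suspend" || true
    harden_perms "$d/sys-suspend" && audit_perms "$d/sys-suspend"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Run `audit_perms` against a copy of the file first; `harden_perms` leaves the previous contents in a `.orig` file beside the one it edits.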