Recently we found a security risk caused by power management on Solaris 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I haven't tested it. Sorry if this has been posted before.

Power management functionality:

If you are using a desktop like CDE or OpenLook you can press the on/off button on the keyboard to suspend the system. Suspending means that the whole kernel and all process memory is saved to disk. If you turn on the machine, the boot procedure realizes that the system has been suspended and restores the kernel and the processes. Operation of the system continues exactly where it was stopped, with one exception: lockscreen is called to prevent unauthorized access to the just-started machine.

Here is the bug:

When you reboot a suspended system you will see a line like "Restoring system..." on your screen. After a few seconds the line disappears and the screen is dark. Now start typing characters on the keyboard. On a slow SPARC 5 you will have 20 to 30 seconds to enter characters. All that input is delivered to the last active tool on the desktop even before lockscreen can catch the input focus. It is a lot of fun if the superuser suspended the system and the last active tool was a shell.

Try this: shortly after the line "Restoring ..." disappears, type "passwd -d root" or "echo + + >> /.rhosts" or any other command you like to be executed as root. You don't have to worry about the time. On a SPARC 5 you will have a lot of time (20 seconds). After about 20 seconds of darkness you can see the desktop for a short moment before lockscreen is activated. But the damage is done already.

I haven't found a bug description or patch from Sun. The only workaround is not to use power management with a desktop. But who is using power management anyway?

Ralf Lehmann
ralflat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:31 PDT