Re: Security risk with powermanagement on Solaris 2.6

From: Lars-Erik Johansson (lejat_private)
Date: Fri Jul 17 1998 - 05:12:52 PDT

    On Thu, 16 Jul 1998, Ralf Lehmann ralflat_private wrote:
    
    > Recently we found a security risk caused by powermanagement on Solaris
    > 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I
    > haven't tested it.
    Come to think of it, I think I saw that exact behaviour in 2.5 too.
    
    > I haven't found a bug description or patch from Sun. The only workaround
    > is not to use Powermanagement with a desktop. But who is using
    > powermanagement anyway?
    I've been using powermanager on my SPARC at home for 2-3 years now. Very
    useful when you want to switch off the noise without having to close all
    the applications.
    
    I have another interesting aspect of Powermanager. In Solaris 2.6
    powermanager is now installed by default including the setuid program
    usr/openwin/bin/sys-suspend which can be used by any user to suspend the
    machine and turn off the power. I think this is scary...
    
    /lej
    
     ////  | Dyslexics    |
    |--00  | of the world |
    C   ^  | UNTIE!       |
     \ ~/  ~~~|~~~~~~~~~~~
      | |-----3
    


