>> Recently we found a security risk caused by powermanagement on Solaris >> 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I >> haven't tested it. >Come to think of it I think I saw that exact behaviour in 2.5 too. Ever since power management was first supported, in 2.4. >> I haven't found a bugdescription or patch from sun. The only workaround >> is not to use Powermanagement with a desktop. But who is using >> powermanagement anyway? Not many people until 2.6, when it became part of the standard OS. >I've been usin powermanager on my sparc at home for 2-3 years now. Very >useful when you want to switch off the noise without having to close all >the applications. Same here. >I have another interesting aspect of Powermanager. In solaris 2.6 >powermanager is now installed by default including the setuid program >usr/openwin/bin/sys-suspend which can be used by any user to suspend the >machine and turn off the power. I think this is scary... sys-suspend can be disabled using its configuration files. BTW, the workaround for the type to xlock problem would be: xlock & sleep 2 ; sys-suspend -xfn The actual problem is that xlock gets started after sys-suspend resumes; it should be started before hand. Casper
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:42 PDT