Re: Security risk with powermanagement on Solaris 2.6

From: Casper Dik (casperat_private)
Date: Tue Jul 21 1998 - 01:32:48 PDT

    >> Recently we found a security risk caused by powermanagement on Solaris
    >> 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I
    >> haven't tested it.
    
    >Come to think of it I think I saw that exact behaviour in 2.5 too.
    
    Ever since power management was first supported, in 2.4.
    
    >> I haven't found a bug description or patch from Sun. The only workaround
    >> is not to use Powermanagement with a desktop. But who is using
    >> powermanagement anyway?
    
    Not many people until 2.6, when it became part of the standard OS.
    
    >I've been using powermanager on my sparc at home for 2-3 years now. Very
    >useful when you want to switch off the noise without having to close all
    >the applications.
    
    Same here.
    
    >I have another interesting aspect of Powermanager. In Solaris 2.6
    >powermanager is now installed by default including the setuid program
    >usr/openwin/bin/sys-suspend which can be used by any user to suspend the
    >machine and turn off the power. I think this is scary...
    
    sys-suspend can be disabled using its configuration files.
    
    BTW, the workaround for the type to xlock problem would be:
    
            xlock & sleep 2 ; sys-suspend -xfn
    
    
    The actual problem is that xlock gets started after sys-suspend resumes;
    it should be started beforehand.
    
    Casper
    


