lej writes to bugtraq:

>From: Lars-Erik Johansson <lejat_private>
>Subject: Re: Security risk with powermanagemnet on Solaris 2.6
>To: BUGTRAQat_private

more text deleted

>I have another interesting aspect of Powermanager. In solaris 2.6
>powermanager is now installed by default including the setuid program
>usr/openwin/bin/sys-suspend which can be used by any user to suspend the
>machine and turn off the power. I think this is scary...

not so. Who is allowed to run sys-suspend (according to the man page)
is controlled by the configuration file /etc/default/sys-suspend.
The default is PERMS=console-owner

thus only the "console owner" can suspend the system. If an intruder has
physical access to the console, then yes he/she could use sys-suspend.
But then you have bigger problems imho :-)

:-\ I'd agree that the default configuration should probably be
PERMS= -
or
PERMS=root

edit by hand or a simple titan script would fix this.

=======================================================================
Brad Powell : brad.powellat_private
Sr. Network Security Architect
Sun Microsystems Inc.
=======================================================================
The views expressed are those of the author and may not reflect
the views of Sun Microsystems Inc.
=======================================================================
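
The by-hand edit described in the message can be scripted. The following is an added example, not part of the original post and not Titan code: a POSIX shell sketch that reads the PERMS setting, reports whether it is one of the two restricted values the message suggests, and rewrites it while keeping a backup. The function names are hypothetical, and the demo runs on a constructed sample file rather than the live /etc/default/sys-suspend.

```shell
#!/bin/sh
# Added example. File path and PERMS values come from the message above;
# function names are hypothetical, sample file content is constructed.

# Print the effective PERMS value (last uncommented assignment, trimmed).
# Returns 2 if the file is unreadable, 1 if it has no PERMS line.
sys_suspend_perms() {
    [ -r "$1" ] || return 2
    grep -q '^[[:space:]]*PERMS[[:space:]]*=' "$1" || return 1
    sed -n 's/^[[:space:]]*PERMS[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Exit 0 when PERMS is "-" or "root", 1 for any other value, 2 if unknown.
audit_sys_suspend() {
    val=$(sys_suspend_perms "$1") || {
        echo "UNKNOWN: no readable PERMS setting in $1"
        return 2
    }
    case "$val" in
        -|root) echo "OK: PERMS=$val"; return 0 ;;
        *)      echo "REVIEW: PERMS=$val is not one of the restricted values (- or root)"
                return 1 ;;
    esac
}

# Set PERMS to the given value (default: root), keeping a .orig backup.
# Writing with '>' keeps the original file's owner and mode.
harden_sys_suspend() {
    file=$1
    new=${2:-root}
    cp -p "$file" "$file.orig" || return 1
    if grep -q '^[[:space:]]*PERMS[[:space:]]*=' "$file"; then
        sed "s/^[[:space:]]*PERMS[[:space:]]*=.*/PERMS=$new/" "$file.orig" > "$file"
    else
        echo "PERMS=$new" >> "$file"
    fi
}

# Demo on a constructed copy, not the live system file.
demo=$(mktemp) && printf '# constructed sample\nPERMS=console-owner\n' > "$demo"
audit_sys_suspend "$demo" || true
harden_sys_suspend "$demo" root
audit_sys_suspend "$demo" || true
rm -f "$demo" "$demo.orig"
```

On a real host, run `audit_sys_suspend /etc/default/sys-suspend` first and apply `harden_sys_suspend` as root only after reviewing the reported value.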
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:44 PDT