pmud security problem? Anyone can snooze a system

To: debian-powerpc@lists.debian.org
Subject: pmud security problem? Anyone can snooze a system
From: Frank Murphy <murphyf+deb-ppc@f-m.fm>
Date: Fri, 13 Jun 2003 13:30:37 +0200
Message-id: <200306131330.37521.murphyf+deb-ppc@f-m.fm>

Seems that on iX86 boxes, apm only allows a user to snooze a system if the 
binary is SUID root (which it's not, by default, on Debian). pmud's 
/sbin/snooze, however, allows anyone to suspend the system. This seems like a 
way to a local DOS, though only desktop systems would be using pmud. I 
noticed this because KDE's klaptopdaemon checks for the SUID bit before 
allowing certain options to be used.

Is this worth reporting to the BTS or not?

Frank

Reply to:

Follow-Ups:
- Re: pmud security problem? Anyone can snooze a system
  - From: Michael Schmitz <schmitz@opal.biophys.uni-duesseldorf.de>

Prev by Date: Re: french keyboard on Pismo
Next by Date: Re: french keyboard on Pismo
Previous by thread: Re: Running Debian Linux on a RS6K H50
Next by thread: Re: pmud security problem? Anyone can snooze a system
Index(es):
- Date
- Thread