[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

pmud security problem? Anyone can snooze a system

Seems that on iX86 boxes, apm only allows a user to snooze a system if the 
binary is SUID root (which it's not, by default, on Debian). pmud's 
/sbin/snooze, however, allows anyone to suspend the system. This seems like a 
way to a local DOS, though only desktop systems would be using pmud. I 
noticed this because KDE's klaptopdaemon checks for the SUID bit before 
allowing certain options to be used.

Is this worth reporting to the BTS or not?


Reply to: