pmud security problem? Anyone can snooze a system
Seems that on iX86 boxes, apm only allows a user to snooze a system if the
binary is SUID root (which it's not, by default, on Debian). pmud's
/sbin/snooze, however, allows anyone to suspend the system. This seems like a
way to a local DOS, though only desktop systems would be using pmud. I
noticed this because KDE's klaptopdaemon checks for the SUID bit before
allowing certain options to be used.
Is this worth reporting to the BTS or not?
Frank
Reply to: