
Re: pmud security problem? Anyone can snooze a system



> Seems that on iX86 boxes, apm only allows a user to snooze a system if the
> binary is SUID root (which it's not, by default, on Debian). pmud's
> /sbin/snooze, however, allows anyone to suspend the system. This seems like a
> way to a local DOS, though only desktop systems would be using pmud. I
> noticed this because KDE's klaptopdaemon checks for the SUID bit before
> allowing certain options to be used.
>
> Is this worth reporting to the BTS or not?

It has been reported already. pmud supports unix domain socket
communication with user apps to get around this. snooze doesn't support
this yet (waiting for upstream there).

Check the BTS for old bugs, please.

	Michael



