[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pmud security problem? Anyone can snooze a system

> Seems that on iX86 boxes, apm only allows a user to snooze a system if the
> binary is SUID root (which it's not, by default, on Debian). pmud's
> /sbin/snooze, however, allows anyone to suspend the system. This seems like a
> way to a local DOS, though only desktop systems would be using pmud. I
> noticed this because KDE's klaptopdaemon checks for the SUID bit before
> allowing certain options to be used.
> Is this worth reporting to the BTS or not?

It has been reported already. pmud supports unix domin socket
communication with user apps to get around this. snooze doesn´´t support
this yet (waiting for upstream there).

Check the BTS for old bugs, please.


Reply to: