Re: pmud security problem? Anyone can snooze a system
> Seems that on iX86 boxes, apm only allows a user to snooze a system if the
> binary is SUID root (which it's not, by default, on Debian). pmud's
> /sbin/snooze, however, allows anyone to suspend the system. This seems like a
> way to a local DOS, though only desktop systems would be using pmud. I
> noticed this because KDE's klaptopdaemon checks for the SUID bit before
> allowing certain options to be used.
> Is this worth reporting to the BTS or not?
It has been reported already. pmud supports unix domin socket
communication with user apps to get around this. snooze doesnÂ´Â´t support
this yet (waiting for upstream there).
Check the BTS for old bugs, please.