Bugtraq mailing list archives
Re: Security risk with powermanagemnet on Solaris 2.6
From: sink () CBL UMCES EDU (Robert Sink)
Date: Fri, 17 Jul 1998 08:58:59 -0400
On Jul 16, Ralf Lehmann ralfl () darwin muc de (ralfl () DARWIN MUC DE) wrote:
Recently we found a security risk caused by powermanagement on Solaris 2.6. I am pretty sure that it exists on Solaris 2.5 too, though I haven't tested it.
[snip]
Powermanagement Functionality: If you are using a desktop like CDE or OpenLook you can press the on/off button on the keyboard to suspend the system. Suspending means
[more snip]
From my experience, there are two things you can do to disable this
functionality plus L1-A and they are as follows: /etc/default/sys-suspend PERMS=- This will prevent anyone except root from being able to select the suspend feature in the right click menu on the CDE desktop, this however doesn't seem to have any effect on the physical power button on the front of the Ultra 5 case. The buttom seems to serve as a shutdown feature. But hey, they can also flip the power switch or pull the plug to achieve this, too. One of the pitfalls of openlab machines. ...and then as Casper Dik recently posted... /etc/default/kbd KEYBOARD_ABORT=disable -- Robert Sink - Asst. Dept. Head - Computer/Network Services Univ. of Maryland Chesapeake Biological Laboratory - Solomons, MD. [o] 410/326-7306
Current thread:
- Re: Security risk with powermanagemnet on Solaris 2.6 Lars-Erik Johansson (Jul 17)
- Re: Security risk with powermanagemnet on Solaris 2.6 Casper Dik (Jul 21)
- <Possible follow-ups>
- Re: Security risk with powermanagemnet on Solaris 2.6 Robert Sink (Jul 17)
- Re: Security risk with powermanagemnet on Solaris 2.6 Brad Powell (Jul 20)