COMMAND

    powermanagement

SYSTEMS AFFECTED

    Solaris 2.4, 2.5, 2.5.1, 2.6

PROBLEM

    Ralf Lehmann recently found a security risk caused by
    powermanagement on Solaris 2.6.  This may be the case with
    previous versions too.  If you are using a desktop like CDE or
    OpenLook you can press the on/off button on the keyboard to
    suspend the system.  Suspending means that the whole kernel and
    all process memory is saved to disk.  If you turn on the machine,
    the boot procedure realizes that the system has been suspended
    and restores the kernel and the processes.  Operation of the
    system continues exactly where it was stopped, with one
    exception: lockscreen is called to prevent unauthorized access to
    the just started machine.

    Here is the bug.  When you reboot a suspended system you will see
    a line like

        Restoring system...

    on your screen.  After a few seconds the line disappears and the
    screen is dark.  Now start typing characters on the keyboard.  On
    a slow SPARC 5 you will have 20 to 30 seconds to enter characters.
    All that input is delivered to the last active tool on the desktop
    even before lockscreen can catch the input focus.  It is a lot of
    fun if the superuser suspended the system and the last active tool
    was a shell.

    Try this: Shortly after the line "Restoring ..." disappears, type:

        passwd -d root

    or

        echo + + >> /.rhosts

    or any other command you would like to have executed as root.  You
    don't have to worry about the time.  On a SPARC 5 you will have a
    lot of time (20 seconds).  After about 20 seconds of darkness you
    can see the desktop for a short moment before lockscreen is
    activated.  But the damage is done already.

SOLUTION

    The only workaround is not to use Powermanagement with a desktop.
    There are two things you can do to disable this functionality,
    plus L1-A, and they are as follows:

        /etc/default/sys-suspend
        PERMS=-

    This will prevent anyone except root from being able to select the
    suspend feature in the right click menu on the CDE desktop.  This
    however doesn't seem to have any effect on the physical power
    button on the front of the Ultra 5 case.  The button seems to
    serve as a shutdown feature.  But hey, they can also flip the
    power switch or pull the plug to achieve this, too.  Btw, do:

        /etc/default/kbd
        KEYBOARD_ABORT=disable
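
    A check for the two settings above, as an added example that is
    not part of the original advisory.  It assumes a POSIX shell with
    awk; the function names and the optional alternate-root argument
    are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: audit the two settings it recommends.
# Function names and the alternate-root argument are hypothetical.

# check_setting FILE KEY WANT: succeed only if FILE has at least one
# uncommented KEY= line and every such line sets WANT, so the result does
# not depend on which duplicate the system would honour.
check_setting() {
    [ -r "$1" ] || return 1
    awk -v key="$2" -v want="$3" '
        /^[ \t]*#/ || !/=/ { next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == key { v = $0; sub(/^[^=]*=/, "", v); sub(/[ \t]+$/, "", v)
                   seen = 1; if (v != want) bad = 1 }
        END { exit ((seen && !bad) ? 0 : 1) }' "$1"
}

# report ROOT FILE KEY WANT: print one OK/FAIL line for a setting.
report() {
    if check_setting "$1/etc/default/$2" "$3" "$4"; then
        echo "OK   /etc/default/$2: $3=$4"
    else
        echo "FAIL /etc/default/$2: $3=$4 not in effect"
        return 1
    fi
}

# audit_suspend [ROOT]: check both files under ROOT (default: live system).
audit_suspend() {
    rc=0
    report "${1:-}" sys-suspend PERMS - || rc=1
    report "${1:-}" kbd KEYBOARD_ABORT disable || rc=1
    return $rc
}

# Constructed sample tree: suspend locked down, keyboard abort left enabled.
demo=$(mktemp -d)
mkdir -p "$demo/etc/default"
printf '# constructed sample\nPERMS=-\n' > "$demo/etc/default/sys-suspend"
printf 'KEYBOARD_ABORT=enable\n' > "$demo/etc/default/kbd"
audit_suspend "$demo" || echo "hardening incomplete"
rm -rf "$demo"
```

    Passing this check only confirms the two file settings; as noted
    above, PERMS=- does not change what the physical power button does.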