COMMAND

    powermanagement

SYSTEMS AFFECTED

    Solaris 2.6 (others?)

PROBLEM

    Ralf Lehmann recently found a security risk caused by power management
    on Solaris 2.6.  This may be the case with previous versions too.  If
    you are using a desktop like CDE or OpenLook, you can press the on/off
    button on the keyboard to suspend the system.  Suspending means that
    the whole kernel and all process memory is saved to disk.  If you turn
    the machine on again, the boot procedure realizes that the system has
    been suspended and restores the kernel and the processes.  Operation of
    the system continues exactly where it was stopped, with one exception:
    lockscreen is called to prevent unauthorized access to the just
    restarted machine.

    Here is the bug.  When you reboot a suspended system you will see a
    line like

        Restoring system...

    on your screen.  After a few seconds the line disappears and the
    screen is dark.  Now start typing characters on the keyboard.  On a
    slow SPARC 5 you will have 20 to 30 seconds to enter characters.  All
    that input is delivered to the last active tool on the desktop, even
    before lockscreen can catch the input focus.  It is a lot of fun if
    the superuser suspended the system and the last active tool was a
    shell.

    Try this: shortly after the line "Restoring ..." disappears, type:

        passwd -d root

    or

        echo + + >> /.rhosts

    or any other command you would like executed as root.  You don't have
    to worry about the timing.  On a SPARC 5 you will have a lot of time
    (20 seconds).  After about 20 seconds of darkness you can see the
    desktop for a short moment before lockscreen is activated.  But the
    damage is done already.

SOLUTION

    The only workaround is not to use power management with a desktop.
    But who is using power management anyway?