Bug 186394 - Unpriviledged remote suspend
Unpriviledged remote suspend
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Zeuthen
Depends On:
  Show dependency treegraph
Reported: 2006-03-23 06:20 EST by David Wood
Modified: 2013-03-05 22:45 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-04 10:13:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Wood 2006-03-23 06:20:01 EST
Apologies if this is a Gnome issue, not a kernel issue.

Platform: HP nx9010 laptop
Although the suspend process works OK (slow flashing blue light on completion),
the laptop fails to restart - not great, but that isn't my bug for now.

The BIG problem is that an unpriviledged remote X login user can initiate
suspend from the Gnome System menu causing instant denial of use.  The shutdown
option is missing (as expected) but the suspend option should also be disabled
Comment 1 Kyrre Ness Sjøbæk 2006-03-23 13:11:21 EST
isn't this a gnome bug?

IMO, there should be an easy system-wide way of disabeling this option.
Comment 2 Dave Jones 2006-03-24 18:16:48 EST
yes, the kernel just provides the mechanism.  I think the actual 'do the
suspend' is triggered by HAL.   Somewhere further up the stack, we need to be
checking that the user is a console user.
Comment 3 John (J5) Palmieri 2006-03-24 19:05:45 EST
  is your user also logged into the console?

  Have you tried hitting the button?  Does it actually suspend?
Comment 4 David Wood 2006-03-27 04:36:58 EST
Yes.  The same user was logged into the console.
Under this condition, the laptop did actually suspend from the remote terminal.

I've tried again without the user also being logged in at the console and
suspend safely responds with a 'Suspend problem' dialog - my apologies.  I guess
this isn't too bad (although it may be a little better if the suspend button
wasn't there at all, just like the shutdown button isn't there).
Comment 5 David Zeuthen 2006-12-04 10:13:52 EST
Just the way pam-console works, for better or worse. Not security related as
pointed out in comment 4. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.