Bug 186394 - Unpriviledged remote suspend
Summary: Unpriviledged remote suspend
Alias: None
Product: Fedora
Classification: Fedora
Component: hal   
(Show other bugs)
Version: 5
Hardware: All Linux
Target Milestone: ---
Assignee: David Zeuthen
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2006-03-23 11:20 UTC by David Wood
Modified: 2013-03-06 03:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-04 15:13:52 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description David Wood 2006-03-23 11:20:01 UTC
Apologies if this is a Gnome issue, not a kernel issue.

Platform: HP nx9010 laptop
Although the suspend process works OK (slow flashing blue light on completion),
the laptop fails to restart - not great, but that isn't my bug for now.

The BIG problem is that an unpriviledged remote X login user can initiate
suspend from the Gnome System menu causing instant denial of use.  The shutdown
option is missing (as expected) but the suspend option should also be disabled

Comment 1 Kyrre Ness Sjøbæk 2006-03-23 18:11:21 UTC
isn't this a gnome bug?

IMO, there should be an easy system-wide way of disabeling this option.

Comment 2 Dave Jones 2006-03-24 23:16:48 UTC
yes, the kernel just provides the mechanism.  I think the actual 'do the
suspend' is triggered by HAL.   Somewhere further up the stack, we need to be
checking that the user is a console user.

Comment 3 John (J5) Palmieri 2006-03-25 00:05:45 UTC
  is your user also logged into the console?

  Have you tried hitting the button?  Does it actually suspend?

Comment 4 David Wood 2006-03-27 09:36:58 UTC
Yes.  The same user was logged into the console.
Under this condition, the laptop did actually suspend from the remote terminal.

I've tried again without the user also being logged in at the console and
suspend safely responds with a 'Suspend problem' dialog - my apologies.  I guess
this isn't too bad (although it may be a little better if the suspend button
wasn't there at all, just like the shutdown button isn't there).

Comment 5 David Zeuthen 2006-12-04 15:13:52 UTC
Just the way pam-console works, for better or worse. Not security related as
pointed out in comment 4. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.