Red Hat Bugzilla – Bug 186394
Unpriviledged remote suspend
Last modified: 2013-03-05 22:45:04 EST
Apologies if this is a Gnome issue, not a kernel issue.
Platform: HP nx9010 laptop
Although the suspend process works OK (slow flashing blue light on completion),
the laptop fails to restart - not great, but that isn't my bug for now.
The BIG problem is that an unpriviledged remote X login user can initiate
suspend from the Gnome System menu causing instant denial of use. The shutdown
option is missing (as expected) but the suspend option should also be disabled
isn't this a gnome bug?
IMO, there should be an easy system-wide way of disabeling this option.
yes, the kernel just provides the mechanism. I think the actual 'do the
suspend' is triggered by HAL. Somewhere further up the stack, we need to be
checking that the user is a console user.
is your user also logged into the console?
Have you tried hitting the button? Does it actually suspend?
Yes. The same user was logged into the console.
Under this condition, the laptop did actually suspend from the remote terminal.
I've tried again without the user also being logged in at the console and
suspend safely responds with a 'Suspend problem' dialog - my apologies. I guess
this isn't too bad (although it may be a little better if the suspend button
wasn't there at all, just like the shutdown button isn't there).
Just the way pam-console works, for better or worse. Not security related as
pointed out in comment 4. Closing this bug.