> Seems that on iX86 boxes, apm only allows a user to snooze a system if the > binary is SUID root (which it's not, by default, on Debian). pmud's > /sbin/snooze, however, allows anyone to suspend the system. This seems like a > way to a local DOS, though only desktop systems would be using pmud. I > noticed this because KDE's klaptopdaemon checks for the SUID bit before > allowing certain options to be used. > > Is this worth reporting to the BTS or not?
It has been reported already. pmud supports unix domin socket communication with user apps to get around this. snooze doesn´´t support this yet (waiting for upstream there). Check the BTS for old bugs, please. Michael