> sbeattie also pointed out that $(pidof kded4) returning
> multiple pids could be problematic.
And that's true. 

For example, if I use ssh to access a remote machine, which is using KDE:
    ganton@t1:~$ pidof kded4
    12511 1382
those were two results returned.

For more information:
    ganton@t1:~$ ps aux | grep [1]2511
    root     12511  0.0  0.8  79700  5300 ?        S    Dec06   0:07 kdeinit4: kded4 [kdeinit]
    ganton@t1:~$ ps aux | grep [1]382
    ganton        1382  0.0  7.1 266424 45632 ?        Sl   Dec06   0:43 kdeinit4: kded4 [kdeinit]
we see that there are two processes named "kded4", one for "root" and another for 
the user "ganton".

But if something like "pgrep -u" is used:
    ganton@t1:~$ pgrep "kded4" -u "$USER"
    1382
there is no "two results returned" problem.

I suggest changing those "pidof" that appear in the code (for example,
in the patch).

Thanks for the work!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893821

Title:
  Shell expansion may allow privilege boundary crossing
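
A defensive form of the lookup discussed in the message above, as an added example that is not part of the original message or of the patch it refers to. The helper names `single_pid` and `pid_for_user` are hypothetical; the sample inputs are the two lookup results quoted in the message.

```shell
#!/bin/sh
# Added example; single_pid and pid_for_user are hypothetical helper names.

# single_pid LOOKUP_OUTPUT
# Prints the PID and returns 0 only if the output holds exactly one
# all-digit token. Returns 1 for no match, 2 for several or non-numeric.
single_pid() {
    _n=0
    _pid=
    set -f                      # no filename expansion while word-splitting
    for _tok in $1; do
        _n=$((_n + 1))
        _pid=$_tok
    done
    set +f
    [ "$_n" -ne 0 ] || return 1
    [ "$_n" -eq 1 ] || return 2
    case "$_pid" in
        *[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$_pid"
}

# pid_for_user NAME USER
# Same lookup as the pgrep command in the message, restricted to one user,
# then checked so a caller never receives "12511 1382".
pid_for_user() {
    single_pid "$(pgrep -u "$2" "$1")"
}

# Constructed inputs: the two lookup results quoted in the message.
for sample in "12511 1382" "1382"; do
    if pid=$(single_pid "$sample"); then
        echo "accepted: $pid"
    else
        echo "rejected: '$sample' (status $?)"
    fi
done
```

A caller would use `pid=$(pid_for_user kded4 "$USER") || exit 0` and only then build anything from `$pid`.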