> sbeattie also pointed out that $(pidof kded4) returning > multiple pids could be problematic. And that's true.
For example, if I use ssh to access a remote machine, which is using KDE: ganton@t1:~$ pidof kded4 12511 1382 those were two results returned. For more information: ganton@t1:~$ ps aux | grep [1]2511 root 12511 0.0 0.8 79700 5300 ? S Dec06 0:07 kdeinit4: kded4 [kdeinit] ganton@t1:~$ ps aux | grep [1]382 ganton 1382 0.0 7.1 266424 45632 ? Sl Dec06 0:43 kdeinit4: kded4 [kdeinit] we see that there are two process named "kded4", one for "root" and another for the user "ganton". But if something like "pgrep -u" is used: ganton@t1:~$ pgrep "kded4" -u "$USER" 1382 there is no "two results returned" problem. I suggest changing those "pidof" that appear in the code (for example, in the patch). Thanks for the work! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/893821 Title: Shell expansion may allow privilege boundary crossing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs