-=| Daniel Kahn Gillmor, Mon, Jan 18, 2010 at 08:41:11PM -0500 |=- > Package: eeepc-acpi-scripts > Version: 1.1.6 > Severity: normal > > Hi there eeepc-acpi people-- > > it looks like three files in eeepc-acpi-scripts all contain "pidof" > tests to check if something is happening on the system: > > /etc/acpi/actions/suspend.sh:10:if (runlevel | grep -q [06]) || (pidof > '/sbin/shutdown' > /dev/null); then > /etc/acpi/actions/suspend.sh-11- exit 0 > -- > /etc/acpi/actions/lid.sh:9:if pidof powersaved; then > /etc/acpi/actions/lid.sh-10- exit 0 > -- > /etc/acpi/actions/sleep.sh:8:if pidof powersaved; then > /etc/acpi/actions/sleep.sh-9- exit 0 > > the problem with these tests is that it's trivial for any local user > to spoof the output, and thereby get the acpi script to terminate > ("exit 0"). All the user needs to do is run an executable which > re-writes ARGV[0] to the relevant string, and the pidof check will > pass :/
Right. > lid.sh and sleep.sh are easy to fix, since powersaved was recently > removed from debian: > > http://packages.qa.debian.org/p/powersave/news/20091218T132117Z.html Done in Git. > You might want to check with the sysvinit folks to see what the > correct way to check for a running /sbin/shutdown might be? (maybe > you want to parse the output of "/sbin/runlevel"?) The current code is: > /etc/acpi/actions/suspend.sh:10:if (runlevel | grep -q [06]) || > (pidof '/sbin/shutdown' > /dev/null); then > /etc/acpi/actions/suspend.sh-11- exit 0 i.e., it is already checking the output of /sbin/runlevel. I am not sure why the check for shutdown is needed, maybe in order to catch timed shutdowns (-t option)? Ben, Darren, what do you think, shall the check for a running /sbin/shutdown be just dropped or replaced with something else?
signature.asc
Description: Digital signature