[Debian-eeepc-devel] Bug#565855: Bug#565855: eeepc-acpi-scripts: please do not use pidof in /etc/acpi/actions/{suspend, lid, sleep}.sh

Damyan Ivanov dmn at debian.org
Wed Jan 20 07:24:04 UTC 2010 

-=| Daniel Kahn Gillmor, Mon, Jan 18, 2010 at 08:41:11PM -0500 |=-
> Package: eeepc-acpi-scripts
> Version: 1.1.6
> Severity: normal
> 
> Hi there eeepc-acpi people--  
> 
> it looks like three files in eeepc-acpi-scripts all contain "pidof"
> tests to check if something is happening on the system:
> 
> /etc/acpi/actions/suspend.sh:10:if (runlevel | grep -q [06]) || (pidof '/sbin/shutdown' > /dev/null); then
> /etc/acpi/actions/suspend.sh-11-    exit 0
> --
> /etc/acpi/actions/lid.sh:9:if pidof powersaved; then
> /etc/acpi/actions/lid.sh-10-	exit 0
> --
> /etc/acpi/actions/sleep.sh:8:if pidof powersaved; then
> /etc/acpi/actions/sleep.sh-9-	exit 0
> 
> the problem with these tests is that it's trivial for any local user
> to spoof the output, and thereby get the acpi script to terminate
> ("exit 0").  All the user needs to do is run an executable which
> re-writes ARGV[0] to the relevant string, and the pidof check will
> pass :/

Right.

> lid.sh and sleep.sh are easy to fix, since powersaved was recently
> removed from debian:
> 
>  http://packages.qa.debian.org/p/powersave/news/20091218T132117Z.html

Done in Git.

> You might want to check with the sysvinit folks to see what the
> correct way to check for a running /sbin/shutdown might be?  (maybe
> you want to parse the output of "/sbin/runlevel"?)

The current code is: 
> /etc/acpi/actions/suspend.sh:10:if (runlevel | grep -q [06]) || 
> (pidof '/sbin/shutdown' > /dev/null); then
> /etc/acpi/actions/suspend.sh-11-    exit 0

i.e., it is already checking the output of /sbin/runlevel. I am not 
sure why the check for shutdown is needed, maybe in order to catch 
timed shutdowns (-t option)?

Ben, Darren, what do you think, shall the check for a running 
/sbin/shutdown be just dropped or replaced with something else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-eeepc-devel/attachments/20100120/5d7b0edc/attachment.pgp>

More information about the Debian-eeepc-devel mailing list