[Debian-eeepc-devel] Bug#565855: marked as done (eeepc-acpi-scripts: please do not use pidof in /etc/acpi/actions/{suspend, lid, sleep}.sh)

Tue, 26 Jan 2010 14:13:07 -0800 

Your message dated Tue, 26 Jan 2010 22:06:52 +0000
with message-id <[email protected]>
and subject line Bug#565855: fixed in eeepc-acpi-scripts 1.1.8
has caused the Debian Bug report #565855,
regarding eeepc-acpi-scripts: please do not use pidof in 
/etc/acpi/actions/{suspend, lid, sleep}.sh
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
565855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565855
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: eeepc-acpi-scripts
Version: 1.1.6
Severity: normal

Hi there eeepc-acpi people--  

it looks like three files in eeepc-acpi-scripts all contain "pidof"
tests to check if something is happening on the system:

/etc/acpi/actions/suspend.sh:10:if (runlevel | grep -q [06]) || (pidof 
'/sbin/shutdown' > /dev/null); then
/etc/acpi/actions/suspend.sh-11-    exit 0
--
/etc/acpi/actions/lid.sh:9:if pidof powersaved; then
/etc/acpi/actions/lid.sh-10-    exit 0
--
/etc/acpi/actions/sleep.sh:8:if pidof powersaved; then
/etc/acpi/actions/sleep.sh-9-   exit 0

the problem with these tests is that it's trivial for any local user
to spoof the output, and thereby get the acpi script to terminate
("exit 0").  All the user needs to do is run an executable which
re-writes ARGV[0] to the relevant string, and the pidof check will
pass :/

This means that any user on a system can effectively cause the
suspend, lid, or sleep script to fail silently.  That's bad!

lid.sh and sleep.sh are easy to fix, since powersaved was recently
removed from debian:

 http://packages.qa.debian.org/p/powersave/news/20091218T132117Z.html

You might want to check with the sysvinit folks to see what the
correct way to check for a running /sbin/shutdown might be?  (maybe
you want to parse the output of "/sbin/runlevel"?)

See also http://bugs.debian.org/553643 for more discussion on the same
general concern.

Regards,

        --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages eeepc-acpi-scripts depends on:
ii  acpi-support-base             0.132-1    scripts for handling base ACPI eve
ii  acpid                         1:2.0.0-1  Advanced Configuration and Power I
ii  pm-utils                      1.2.6.1-3  utilities and scripts for power ma

Versions of packages eeepc-acpi-scripts recommends:
ii  alsa-utils                    1.0.21-1   ALSA utilities

Versions of packages eeepc-acpi-scripts suggests:
pn  aosd-cat               <none>            (no description available)
pn  gnome-osd              <none>            (no description available)
ii  ttf-dejavu             2.30-2            Metapackage to pull in ttf-dejavu-
ii  ttf-freefont           20090104-5        Freefont Serif, Sans and Mono True
ii  ttf-liberation         1.05.2.20091019-4 Fonts with the same metrics as Tim
ii  ttf-mscorefonts-instal 3.0               Installer for Microsoft TrueType c

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: eeepc-acpi-scripts
Source-Version: 1.1.8

We believe that the bug you reported is fixed in the latest version of
eeepc-acpi-scripts, which is due to be installed in the Debian FTP archive:

eeepc-acpi-scripts_1.1.8.dsc
  to main/e/eeepc-acpi-scripts/eeepc-acpi-scripts_1.1.8.dsc
eeepc-acpi-scripts_1.1.8.tar.gz
  to main/e/eeepc-acpi-scripts/eeepc-acpi-scripts_1.1.8.tar.gz
eeepc-acpi-scripts_1.1.8_all.deb
  to main/e/eeepc-acpi-scripts/eeepc-acpi-scripts_1.1.8_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated eeepc-acpi-scripts package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 26 Jan 2010 21:19:50 +0200
Source: eeepc-acpi-scripts
Binary: eeepc-acpi-scripts
Architecture: source all
Version: 1.1.8
Distribution: unstable
Urgency: low
Maintainer: Debian Eee PC Team <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description: 
 eeepc-acpi-scripts - Scripts to support suspend and hotkeys on the Asus Eee PC 
laptop
Closes: 565855
Changes: 
 eeepc-acpi-scripts (1.1.8) unstable; urgency=low
 .
   [ Darren Salt ]
   * Don't fail on upgrade, removal etc. if the acpid init script is missing.
   * Simplify rfkill handling. (Requires rfkill 0.3-3.)
 .
   [ Damyan Ivanov ]
   * wireless.sh/disable: do not fail if no interface can be brought down
   * add ${misc:Depends} to dependencies
   * suspend.sh: when checking for a running shutdown, check only for processes
     owned by root. Closes: #565855
     Thanks to Daniel Kahn Gillmor for reporting.
Checksums-Sha1: 
 4494c978e71cd3694478c822bb247fcffbcfda54 1151 eeepc-acpi-scripts_1.1.8.dsc
 7d4d2c6b33746c99937aaaa6604596e852882fea 24118 eeepc-acpi-scripts_1.1.8.tar.gz
 da7d3ae3c61ffda6ed44748b57e16d087f7dad4c 26306 eeepc-acpi-scripts_1.1.8_all.deb
Checksums-Sha256: 
 790678d326e5a0040718fc8a1ca613462c0581f603e37d8ca2cc970e150be7cf 1151 
eeepc-acpi-scripts_1.1.8.dsc
 8322615cfbdd4af048482f33330540df38d8fdcbc3c88995fe4ea17d605bb65d 24118 
eeepc-acpi-scripts_1.1.8.tar.gz
 0be624a3c101d1397237572c96ca8174eaf880ded69e0ec5b417c7dc63b8fd0a 26306 
eeepc-acpi-scripts_1.1.8_all.deb
Files: 
 07beec7c175733b405e287088ff7f87c 1151 utils extra eeepc-acpi-scripts_1.1.8.dsc
 ba69d9fef6dababa3406e96068c09845 24118 utils extra 
eeepc-acpi-scripts_1.1.8.tar.gz
 6d9003ac39533e2efc2d07598fd2d941 26306 utils extra 
eeepc-acpi-scripts_1.1.8_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktfRQoACgkQHqjlqpcl9jswVACgr5oMYGYPTz52tJWmLoizmP7F
yXcAn3CK6fwtmb1IRAxYs32aViuEfetO
=nD0N
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Debian-eeepc-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/debian-eeepc-devel

Reply via email to