[Pkg-acpi-devel] Bug#553643: local users can disable acpi script for power button

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Nov 1 18:41:58 UTC 2009

Package: acpi-support-base
Version: 0.123-1

/etc/acpi/powerbtn-acpi-support.sh  contains the following stanza:

# If powersaved is running, let it process the acpi event
if pidof powersaved; then
        exit 0

It appears that any user can therefore disable any action taken by the
power button by doing something like:

cp $(which yes) powersaved
nohup ./powersaved >/dev/null &

This seems problematic: i wouldn't expect an arbitrary, non-privileged
local user to be able to override a standard piece of system
functionality without having been explicitly granted privileges to do so.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-acpi-devel/attachments/20091101/8e262a36/attachment.pgp>

More information about the Pkg-acpi-devel mailing list