[Pkg-acpi-devel] Bug#553643: local users can disable acpi script for power button
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Nov 1 18:41:58 UTC 2009
Package: acpi-support-base
Version: 0.123-1
/etc/acpi/powerbtn-acpi-support.sh contains the following stanza:
------------------
# If powersaved is running, let it process the acpi event
if pidof powersaved; then
exit 0
fi
------------------
It appears that any user can therefore disable any action taken by the
power button by doing something like:
cp $(which yes) powersaved
nohup ./powersaved >/dev/null &
This seems problematic: i wouldn't expect an arbitrary, non-privileged
local user to be able to override a standard piece of system
functionality without having been explicitly granted privileges to do so.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-acpi-devel/attachments/20091101/8e262a36/attachment.pgp>
More information about the Pkg-acpi-devel
mailing list