[Pkg-acpi-devel] Bug#763134: acpi-support-base: /usr/share/acpi-support/power-funcs broken from line 24 if consolekit installed and no dbus running

Sun Sep 28 03:12:45 UTC 2014

Package: acpi-support-base
Version: 0.140-5+deb7u3
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages acpi-support-base depends on:
ii  acpid  1:2.0.16-1+deb7u1

Versions of packages acpi-support-base recommends:
pn  consolekit  <none>

Versions of packages acpi-support-base suggests:
ii  acpi-support  0.140-5+deb7u3

-- no debconf information

---

getXuser() is broken:

block starting at line 24 in /usr/share/acpi-support/power-funcs:
----
 24         if [ -x /usr/bin/ck-list-sessions ]; then
 25                 uid=$(ck-list-sessions | awk 'BEGIN { unix_user = ""; }
  /^Session/ { unix_user = ""; } /unix-user =/ { gsub(/'\''/,"",$3);
  unix_user = $3; } /x11-display = '\'$display\''/ { print unix_user; exit
  (0); }')
 26 
 27                 if [ "$uid" ]; then
 28                         IFS=:
 29                         set -- $(getent passwd $uid)
 30                         user=$1
 31                         unset IFS
 32                 fi
 33         else
----

just testing if /usr/bin/ck-list-sessions is executable doesn't do the
trick.
until just now i had consolekit installed (some dependency somewhere), but
dbus was (and still is and will be) not running. this leads to an error in
line 25, ultimately no $user is set. the pinky check is not executed (but
would work just fine).
finally XAUTHORITY and XUSER are exported as blanks.

this breaks at least /usr/share/acpi-support/screenblank
debug output:
----
[04:00:22] root at schleppi ~ # /bin/sh -x /usr/share/acpi-support/screenblank
-- source added by me for testing
+ . /usr/share/acpi-support/power-funcs
--
+ umask 022
+
PATH=/sbin:/usr/sbin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+ POWERSTATE=/var/lib/acpi-support/powerstate
+ HDPARM=/sbin/hdparm -q
+ LIDSTATE=/var/lib/acpi-support/lidstate
+ d=/tmp/.X11-unix
+ displaynum=0
+ getXuser
+ local plist display uid user startx pid userhome IFS
+ [ 0 ]
+ display=:0
+ user=
+ [ -x /usr/bin/ck-list-sessions ]
+ ck-list-sessions
+ awk BEGIN { unix_user = ""; } /^Session/ { unix_user = ""; } /unix-user =/ { gsub(/'/,"",$3); unix_user = $3; } /x11-display =
':0'/ { print unix_user; exit (0); }
** Message: Failed to connect to the D-Bus daemon: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or
directory
+ uid=
+ [  ]
+ [ -z  ]
+ pgrep -n startx
+ :
+ startx=
+ [ -z  ]
+ [ x != x ]
+ export XAUTHORITY=
+ XUSER=
+ export XUSER
+ [ x != x ]
+ [ -x = xtrue ]
----

result: X not locked as expected after sleep/hibernate. free local and
possible remote (root)shells etc...

regards
waijb