** Description changed:
Oliver-Tobias Ripka reported a vulnerability in /etc/acpi/powerbtn.sh
that could allow an attacker to execute arbitrary code as the user that
is logged into the current X session. The prerequisites for the attack
are as follows:
1.) The attacker must be able to
** Also affects: acpid
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893821
Title:
Shell expansion may allow privilege boundary crossing
To manage notifi
On 2011-12-09 09:27:50, Ganton wrote:
> For more information:
> The "cat /proc/[...]/environ" method that is used now there... is said to
> cause problems:
> - "you have multiple hosts"
> - "when more than one X session is used"
> - etc.
That's a good point. However, this was str
On 2011-12-09 08:36:20, Ganton wrote:
> I suggest changing those "pidof" that appear in the code (for example,
> in the patch).
Thanks for the suggestion, Ganton. The update did make the change from
pidof to pgrep. The script's new usage of pgrep uses the -n and -u
options.
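Added example, not code from the acpid script or from anyone in this thread: a sketch of the checks implied by the discussion above, where a lookup must yield exactly one PID owned by the session user before /proc/PID/environ is read. The helper names are hypothetical, and the sample PIDs are the ones quoted from the pidof output in this thread.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not from powerbtn.sh.

# Succeed only if $1 is exactly one decimal PID (no spaces, no extra words).
is_single_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the newest process named $2 that belongs to user $1, or fail.
# pgrep -n: newest match only; -u: restrict to that user; -x: exact name.
newest_pid_for_user() {
    pid=$(pgrep -n -u "$1" -x "$2") || return 1
    is_single_pid "$pid" || return 1
    printf '%s\n' "$pid"
}

# Print the value of variable $2 from the NUL-separated environ file $1.
# The name is compared as a literal string, never used as a pattern.
env_value_from_file() {
    tr '\0' '\n' < "$1" |
        awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# Demonstration on the lookup results shown in this thread.
for candidate in "12511" "12511 1382"; do
    if is_single_pid "$candidate"; then
        echo "ok:     /proc/$candidate/environ"
    else
        echo "reject: '$candidate' is not a single PID"
    fi
done
```

In a script, the PID from newest_pid_for_user would be passed as "/proc/$pid/environ" to env_value_from_file, with every expansion quoted.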
For more information:
The "cat /proc/[...]/environ" method that is used now there... is said to
cause problems:
- "you have multiple hosts"
- "when more than one X session is used"
- etc.
These two sites talk more about it:
http://www.rootninja.com/dbus-session-bus
> sbeattie also pointed out that $(pidof kded4) returning
> multiple pids could be problematic.
And that's true.
For example, if I use ssh to access a remote machine, which is using KDE:
ganton@t1:~$ pidof kded4
12511 1382
Those were two results returned.
For more information:
ganton
Thanks again for your cooperation and assistance, otr!
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4578
** Visibility changed to: Public