Re: Suspend/X workaround: security issue
> > I'd prefer to go back to the same virtual terminal I was on. Is there
> > a way to query the system for what tty is active?
> > "/usr/bin/tty >/tmp/ttysuspend" into my script.
>
> /usr/bin/fgconsole > /tmp/ttysuspend
Great, so I go and write an executable file in /etc/apm/event.d/01x_bugfix
containing:
#!/bin/sh
if [ "$1" = "suspend" ] ; then
/usr/bin/fgconsole > /tmp/ttysuspend
chvt 1
fi
if [ "$1,$2" = "resume,suspend" ] ; then
if [ -f /tmp/ttysuspend ] ; then
chvt `cat /tmp/ttysuspend`
fi
fi
This strikes me as a security risk, as anyone can create a file named
/tmp/ttysuspend. If it can be guaranteed that there won't be a "resume
suspend" event without an immediately preceding "suspend" event, I suppose
it should be fine, but there should still be a better way to tackle this
thing. I considered `rm -f /tmp/ttysuspend` just before the call to
fgconsole, to ensure that the file will be recreated with correct
ownership, so that hopefully noone can modify its contents between the
suspend and the resume event. I'm still wondering about the possibilities
of a resume event without a suspend event... (buggy hardware?) Probably
not an issue, but I feel this should rather go in a file that is
permanent, and belongs to whoever usually calls /etc/apm/apmd_proxy -
probably root, as the apmd on my machine was run by root. Where would the
correct place be? I'd think /var/... I don't know the proper usage of the
subdirectories in /var, but judging by names, I'd think /var/state/apmd/,
or some such directory.
Any ideas? I think this kind of thing could be included in the apmd
package, as an install-time option, since this X/apm problem is a common
one.
Hugo van der Merwe
Reply to: