Bug 352534 (CVE-2011-1159) - <sys-power/acpid-2.0.9: Local Denial of Service (CVE-2011-1159)
Status: RESOLVED FIXED
Alias: CVE-2011-1159
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa?]
Reported: 2011-01-23 19:46 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-08 21:11 UTC (History)

Description Tim Sammut (RETIRED) gentoo-dev 2011-01-23 19:46:01 UTC
From $URL:

I. Blocking write.

I.1. Description.

acpid informs unprivileged processes about acpi events via UNIX socket.
This socket is in blocking mode.  If unprivileged process stops reading
data from the socket then, in some time, the socket queue fills up
leading to hanging privileged acpid daemon.  The daemon hangs until the
socket peer process reads some portion of the queued data or the peer
process exits/is killed.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:05:39 UTC
There are some proposed patches, see https://bugzilla.redhat.com/show_bug.cgi?id=688698
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2011-09-08 10:42:10 UTC
@security: https://bugzilla.redhat.com/show_bug.cgi?id=688698#c6 seems to indicate the problem is already fixed in 2.0.9 which is our stable version

right?
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-09-08 13:37:45 UTC
(In reply to comment #2)
> @security: https://bugzilla.redhat.com/show_bug.cgi?id=688698#c6 seems to
> indicate the problem is already fixed in 2.0.9 which is our stable version
> 
> right?

Indeed, thanks, Samuli. From the 2.0.9 ChangeLog:

  - Added fcntl() for O_NONBLOCK on the client sockets.  This prevents acpid
    from hanging if a client behaves badly.  (sock.c)  (Vasiliy Kulikov)
    From: http://www.openwall.com/lists/oss-security/2011/01/19/4

GLSA Vote: no.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 21:41:58 UTC
CVE-2011-1159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1159):
  acpid.c in acpid before 2.0.9 does not properly handle a situation in which
  a process has connected to acpid.socket but is not reading any data, which
  allows local users to cause a denial of service (daemon hang) via a crafted
  application that performs a connect system call but no read system calls.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2011-10-08 21:11:53 UTC
voting noglsa too, and closing.
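
The 2.0.9 ChangeLog entry quoted in comment 3 puts client sockets into O_NONBLOCK mode so that a peer that connects but never reads cannot stall the daemon. The C program below is an added example, not acpid's code: it shows a write to a full queue returning EAGAIN instead of sleeping. The function names, the sample event line and the drop-on-EAGAIN policy are assumptions.

```c
/* Added example, not acpid source; function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Put a client socket into non-blocking mode (the fcntl() change in the ChangeLog). */
static int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    return flags == -1 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Queue one event. Returns 0 on success, -1 with errno set when the client
 * cannot take it; on a non-blocking socket this never sleeps. */
static int notify_client(int fd, const char *event)
{
    size_t len = strlen(event);
    ssize_t n = send(fd, event, len, MSG_NOSIGNAL);
    if (n >= 0 && (size_t)n < len)
        errno = EAGAIN;            /* short write: treat the queue as full */
    return n == (ssize_t)len ? 0 : -1;
}

/* A peer that connects and never reads. Returns how many events were queued
 * before the full queue was reported, or -1 if that never happened. */
int simulate_stalled_client(void)
{
    const char *event = "button/power PBTN 00000080 00000000\n"; /* constructed */
    int sv[2], queued = 0, err = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    if (set_nonblocking(sv[0]) == -1)
        err = errno;
    while (err == 0 && queued < 1000000) {   /* sv[1] is never read */
        if (notify_client(sv[0], event) == -1)
            err = errno;
        else
            queued++;
    }
    close(sv[0]);                  /* assumed policy: drop the stalled client */
    close(sv[1]);
    return (err == EAGAIN || err == EWOULDBLOCK) ? queued : -1;
}

int main(void) { return simulate_stalled_client() > 0 ? 0 : 1; }
```

Without the `set_nonblocking()` call the same loop would sleep inside `send()` once the socket queue filled, which is the hang described in the bug.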