From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.6 i686; en-US; rv:0.9.1) Gecko/20010608 Description of problem: pidof stips the path to the executable for which you want the pid(s), before performing the process lookup. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1./sbin/pidof /doesnotexist/syslogd 2. 3. Actual Results: pidof returns the pid /sbin/syslogd Expected Results: it should not return the pid /sbin/syslogd Additional info: This bugs allows any unpriviliged user to fool 'service XXX status' commands by running a process named XXX. This way sysadmins could tricked into believing service XXX is running while actually it is not.
Fixed in 2.84-5, thanks!
Btw, readlink(2) does not append a NUL character to the buffer, so behaviour of your patch depends on malloc(3).
Fixed, will be in SysVinit-2.85-36.