mirror of
git://git.code.sf.net/p/zsh/code
synced 2025-07-26 21:51:03 +02:00
52053: whitelist capability CAP_WAKE_ALARM
Since the systemd update v254 from July 28, 2023, the capability 'CAP_WAKE_ALARM' is passed by default to some user process (especially desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it is preferable that zsh does not consider it as a 'privileged' capability.
This commit is contained in:
parent
660a629864
commit
97b4a30c4e
2 changed files with 6 additions and 3 deletions
|
@ -1,5 +1,8 @@
|
|||
2023-08-27 Bart Schaefer <schaefer@zsh.org>
|
||||
|
||||
* Robert Woods: 52053: Src/utils.c: whitelist capability
|
||||
CAP_WAKE_ALARM in 'privasserted' function
|
||||
|
||||
* Shohei YOSHIDA: 52034: Completion/Unix/Command/_sqlite:
|
||||
update for version 3.42.0
|
||||
|
||||
|
|
|
@ -7551,9 +7551,9 @@ privasserted(void)
|
|||
/* POSIX doesn't define a way to test whether a capability set *
|
||||
* is empty or not. Typical. I hope this is conforming... */
|
||||
cap_flag_value_t val;
|
||||
cap_value_t n;
|
||||
for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
|
||||
if(val) {
|
||||
cap_value_t cap;
|
||||
for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++)
|
||||
if(val && cap != CAP_WAKE_ALARM) {
|
||||
cap_free(caps);
|
||||
return 1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue