1
0
Fork 0
mirror of git://git.code.sf.net/p/zsh/code synced 2025-07-26 21:51:03 +02:00

52053: whitelist capability CAP_WAKE_ALARM

Since the systemd update v254 from July 28, 2023, the capability
'CAP_WAKE_ALARM' is passed by default to some user process (especially
desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it
is preferable that zsh does not consider it as a 'privileged'
capability.
This commit is contained in:
Robert Woods 2023-08-27 15:05:08 -07:00 committed by Bart Schaefer
parent 660a629864
commit 97b4a30c4e
2 changed files with 6 additions and 3 deletions

View file

@ -1,5 +1,8 @@
2023-08-27 Bart Schaefer <schaefer@zsh.org>
* Robert Woods: 52053: Src/utils.c: whitelist capability
CAP_WAKE_ALARM in 'privasserted' function
* Shohei YOSHIDA: 52034: Completion/Unix/Command/_sqlite:
update for version 3.42.0

View file

@ -7551,9 +7551,9 @@ privasserted(void)
/* POSIX doesn't define a way to test whether a capability set *
* is empty or not. Typical. I hope this is conforming... */
cap_flag_value_t val;
cap_value_t n;
for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
if(val) {
cap_value_t cap;
for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++)
if(val && cap != CAP_WAKE_ALARM) {
cap_free(caps);
return 1;
}