52053: whitelist capability CAP_WAKE_ALARM

Since the systemd update v254 from July 28, 2023, the capability 'CAP_WAKE_ALARM' is passed by default to some user process (especially desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it is preferable that zsh does not consider it as a 'privileged' capability.
2025-10-31 06:00:54 +01:00 · 2023-08-27 15:05:08 -07:00 · 2023-08-27 15:05:08 -07:00 · 97b4a30c4e
commit 97b4a30c4e
parent 660a629864
2 changed files with 6 additions and 3 deletions
--- a/3
+++ b/3
@ -1,5 +1,8 @@
 2023-08-27  Bart Schaefer  <schaefer@zsh.org>

+	* Robert Woods: 52053: Src/utils.c: whitelist capability
+	CAP_WAKE_ALARM in 'privasserted' function
+
 	* Shohei YOSHIDA: 52034: Completion/Unix/Command/_sqlite:
 	update for version 3.42.0

--- a/Src/utils.c
+++ b/Src/utils.c
@ -7551,9 +7551,9 @@ privasserted(void)
 	    /* POSIX doesn't define a way to test whether a capability set *
 	     * is empty or not.  Typical.  I hope this is conforming...    */
 	    cap_flag_value_t val;
-	    cap_value_t n;
-	    for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
-		if(val) {
+	    cap_value_t cap;
+	    for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++)
+		if(val && cap != CAP_WAKE_ALARM) {
 		    cap_free(caps);
 		    return 1;
 		}