diff options
author | Robert Woods <robert.woods@use.startmail.com> | 2023-08-27 15:05:08 -0700 |
---|---|---|
committer | Bart Schaefer <schaefer@zsh.org> | 2023-08-27 15:05:08 -0700 |
commit | 97b4a30c4e5f4837bac7c5c67bd583d3aeaf7886 (patch) | |
tree | 4863d62f8ae4270e8058c505076f8e1522068316 /Src/utils.c | |
parent | 660a629864ba2493b473f749b8bc010bcbbb0cf0 (diff) | |
download | zsh-97b4a30c4e5f4837bac7c5c67bd583d3aeaf7886.tar.gz zsh-97b4a30c4e5f4837bac7c5c67bd583d3aeaf7886.tar.xz zsh-97b4a30c4e5f4837bac7c5c67bd583d3aeaf7886.zip |
52053: whitelist capability CAP_WAKE_ALARM
Since the systemd update v254 from July 28, 2023, the capability 'CAP_WAKE_ALARM' is passed by default to some user process (especially desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it is preferable that zsh does not consider it as a 'privileged' capability.
Diffstat (limited to 'Src/utils.c')
-rw-r--r-- | Src/utils.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Src/utils.c b/Src/utils.c index 94a33453f..7040d0954 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -7551,9 +7551,9 @@ privasserted(void) /* POSIX doesn't define a way to test whether a capability set * * is empty or not. Typical. I hope this is conforming... */ cap_flag_value_t val; - cap_value_t n; - for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++) - if(val) { + cap_value_t cap; + for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++) + if(val && cap != CAP_WAKE_ALARM) { cap_free(caps); return 1; } |