From 97b4a30c4e5f4837bac7c5c67bd583d3aeaf7886 Mon Sep 17 00:00:00 2001
From: Robert Woods <robert.woods@use.startmail.com>
Date: Sun, 27 Aug 2023 15:05:08 -0700
Subject: 52053: whitelist capability CAP_WAKE_ALARM

Since the systemd update v254 from July 28, 2023, the capability
'CAP_WAKE_ALARM' is passed by default to some user process (especially
desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it
is preferable that zsh does not consider it as a 'privileged'
capability.
---
 Src/utils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'Src/utils.c')

diff --git a/Src/utils.c b/Src/utils.c
index 94a33453f..7040d0954 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -7551,9 +7551,9 @@ privasserted(void)
 	    /* POSIX doesn't define a way to test whether a capability set *
 	     * is empty or not.  Typical.  I hope this is conforming...    */
 	    cap_flag_value_t val;
-	    cap_value_t n;
-	    for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
-		if(val) {
+	    cap_value_t cap;
+	    for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++)
+		if(val && cap != CAP_WAKE_ALARM) {
 		    cap_free(caps);
 		    return 1;
 		}
-- 
cgit 1.4.1