From: Robert Woods <robert.woods@use.startmail.com>
To: zsh-workers@zsh.org
Subject: [PATCH] 52027: whitelist capability CAP_WAKE_ALARM in 'privasserted' function
Date: Mon, 14 Aug 2023 20:39:05 +0200 [thread overview]
Message-ID: <bf5a068c-142b-449d-9829-aa023b3883b9@use.startmail.com> (raw)
In-Reply-To: <eb039d89-9f71-407b-9f3c-bd6dbec0a16e@use.startmail.com>
This patch is a follow up of this issue: https://zsh.org/workers/52027
Since the systemd update v254 from July 28, 2023, the capability
'CAP_WAKE_ALARM' is passed by default to some user process (especially
desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it
is preferable that zsh does not consider it as a 'privileged'
capability.
For context, in the release note of systemd v254 the following is
written in the Section "Security Relevant Changes"[1]:
> pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
> process capability to invoked session processes of regular users on
> local seats (as well as to systemd --user), unless configured
> otherwise [...]. This is useful in order allow desktop tools such as
> GNOME's Alarm Clock application to set a timer for
> LOCK_REALTIME_ALARM that wakes up the system when it elapses. [...].
> Note that this capability is relatively narrow in focus (in
> particular compared to other process capabilities such as
> CAP_SYS_ADMIN) and we already — by default — permit more impactful
> operations such as system suspend to local users.
[1] https://github.com/systemd/systemd/releases/tag/v254
Signed-off-by: Robert Woods <141646993+RobieWoods@users.noreply.github.com>
---
Src/utils.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Src/utils.c b/Src/utils.c
index 94a33453f..7040d0954 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -7551,9 +7551,9 @@ privasserted(void)
/* POSIX doesn't define a way to test whether a capability set *
* is empty or not. Typical. I hope this is conforming... */
cap_flag_value_t val;
- cap_value_t n;
- for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
- if(val) {
+ cap_value_t cap;
+ for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++)
+ if(val && cap != CAP_WAKE_ALARM) {
cap_free(caps);
return 1;
}
--
2.41.0
prev parent reply other threads:[~2023-08-14 18:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-06 22:41 Bug: The capability CAP_WAKE_ALARM should be whitelisted Robert Woods
2023-08-14 18:39 ` Robert Woods [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bf5a068c-142b-449d-9829-aa023b3883b9@use.startmail.com \
--to=robert.woods@use.startmail.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).