Date: Mon, 14 Aug 2023 20:39:05 +0200
Subject: [PATCH] 52027: whitelist capability CAP_WAKE_ALARM in 'privasserted' function
From: Robert Woods
To: zsh-workers@zsh.org

This patch is a follow-up to this issue:
https://zsh.org/workers/52027

Since the systemd update v254 from July 28, 2023, the capability
'CAP_WAKE_ALARM' is passed by default to some user processes (especially
desktop managers). Since 'CAP_WAKE_ALARM' is very narrow in focus, it
is preferable that zsh does not consider it as a 'privileged'
capability.

For context, in the release notes of systemd v254 the following is
written in the Section "Security Relevant Changes"[1]:

> pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
> process capability to invoked session processes of regular users on
> local seats (as well as to systemd --user), unless configured
> otherwise [...]. This is useful in order to allow desktop tools such as
> GNOME's Alarm Clock application to set a timer for
> CLOCK_REALTIME_ALARM that wakes up the system when it elapses. [...].
> Note that this capability is relatively narrow in focus (in
> particular compared to other process capabilities such as
> CAP_SYS_ADMIN) and we already — by default — permit more impactful
> operations such as system suspend to local users.

[1] https://github.com/systemd/systemd/releases/tag/v254

Signed-off-by: Robert Woods <141646993+RobieWoods@users.noreply.github.com>
--- Src/utils.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Src/utils.c b/Src/utils.c index 94a33453f..7040d0954 100644 --- a/Src/utils.c
+++ b/Src/utils.c @@ -7551,9 +7551,9 @@ privasserted(void) /* POSIX doesn't define a way to test whether a capability set * * is empty or not. Typical. I hope this is conforming... */ cap_flag_value_t val; - cap_value_t n; - for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++) - if(val) { + cap_value_t cap; + for(cap = 0; !cap_get_flag(caps, cap, CAP_EFFECTIVE, &val); cap++) + if(val && cap != CAP_WAKE_ALARM) { cap_free(caps); return 1; } -- 2.41.0
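
Review bot: the `cap != CAP_WAKE_ALARM` test added to the `if` inside the loop is an exemption in a privilege check, and nothing in the code says why it is there. The existing comment above the loop still only talks about testing whether the capability set is empty, so a later reader of `privasserted()` has no way to tell that one effective capability is deliberately ignored or what the reasoning was. Please extend that comment with a sentence naming the capability and the reason given in the commit message (pam_systemd passing it to regular session processes since systemd v254), so the exemption can be re-evaluated if more capabilities ever need the same treatment. Two smaller points on the same lines: the constant is referenced unconditionally, so if zsh is still expected to build against capability headers that do not define `CAP_WAKE_ALARM`, the comparison should sit under `#ifdef CAP_WAKE_ALARM`; and the rename of `n` to `cap` is unrelated to the behaviour change and turns a one-line fix into a three-line diff, so consider dropping it or mentioning it in the log.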