From: Robert Woods
To: zsh-workers@zsh.org
Date: Mon, 7 Aug 2023 00:41:05 +0200
Subject: Bug: The capability CAP_WAKE_ALARM should be whitelisted.
X-Seq: 52027

Hello,

Since a recent update of my ArchLinux, I noticed that zsh considers my
user account as privileged and displays the sharp symbol (#) instead of
the percent (%) symbol.

The issue was triggered by the systemd update v254 from July 28, 2023.
But let me explain the details first:

1) I noticed that the zsh package in ArchLinux is built with the option
   '--enable-cap'[1]

2) I noticed that the function 'privasserted' that checks if the current
   user is privileged or not, uses the Linux capability[2]. If there are
   some effective capabilities set, it considers the user as privileged.

3) I reproduced the function 'privasserted' on a toy C example to check
   the issue, and I noticed that 'CAP_WAKE_ALARM' was enabled. First I
   thought this issue was coming from a config error on my system, but
   then I figured that this capability was directly inherited from my
   "desktop manager" xlogin[3]. (It is not exactly a desktop manager
   since it is very lightweight, but you get the idea).

4) Since xlogin is simply a systemctl config to start my Xorg session, I
   checked the last release of systemd, and sure thing, the release note
   of v254 (July 28, 2023) explains the origin of this issue[4].

Section "Security Relevant Changes" of the release v254 of systemd[4]:

> pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
> process capability to invoked session processes of regular users on
> local seats (as well as to systemd --user), unless configured
> otherwise [...]. This is useful in order to allow desktop tools such as
> GNOME's Alarm Clock application to set a timer for
> CLOCK_REALTIME_ALARM that wakes up the system when it elapses. [...].
> Note that this capability is relatively narrow in focus (in
> particular compared to other process capabilities such as
> CAP_SYS_ADMIN) and we already — by default — permit more impactful
> operations such as system suspend to local users.

This change was made by Lennart Poettering himself in a GitHub PR[5].

My thoughts on that:

* Since systemd is widely used, I expect this issue to become a real
  one: users will not understand why they are considered as privileged
  on zsh.

* I understand the rationale of using the capabilities to check if a
  user is privileged or not, however, I think some capabilities should
  be whitelisted like CAP_WAKE_ALARM since it is not very harmful.

* Even if systemd was not allowing CAP_WAKE_ALARM by default, some
  desktop managers would still enable it in their systemctl config
  anyway. So it doesn't change my previous point in my opinion.

I hope my bug report is clear enough. I would like to take this
opportunity to thank you for all the work you guys are doing on zsh!

Kind regards,

Footnotes:

[1] https://gitlab.archlinux.org/archlinux/packaging/packages/zsh/-/blob/main/PKGBUILD#L74
[2] https://github.com/zsh-users/zsh/blob/zsh-5.9/Src/utils.c#L7522
[3] https://github.com/joukewitteveen/xlogin
[4] https://github.com/systemd/systemd/releases/tag/v254
[5] https://github.com/systemd/systemd/pull/26548

-- 
Roberts Woods
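
The check discussed in the message above, as an added example that is not part of the original message and is not zsh's source: it reads the effective capability mask the way Linux prints it in /proc/<pid>/status and compares the "any effective capability means privileged" rule with one that ignores an allowlist. The function names and the status excerpt are constructed for illustration; the capability numbers are those of <linux/capability.h>.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_WAKE_ALARM_BIT 35  /* CAP_WAKE_ALARM in <linux/capability.h> */

/* Extract the CapEff mask from /proc/<pid>/status text. 0 on success. */
int parse_capeff(const char *status, uint64_t *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            char *end;
            *mask = strtoull(p + 7, &end, 16);
            return end == p + 7 ? -1 : 0;   /* no hex digits found */
        }
        p = strchr(p, '\n');                /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* Strict rule: euid 0 or any effective capability counts as privileged. */
int privileged_strict(unsigned euid, uint64_t capeff)
{
    return euid == 0 || capeff != 0;
}

/* Relaxed rule: capabilities in the `ignored` mask do not count. */
int privileged_ignoring(unsigned euid, uint64_t capeff, uint64_t ignored)
{
    return euid == 0 || (capeff & ~ignored) != 0;
}

/* Constructed sample: a regular user's session process that received
 * CAP_WAKE_ALARM as an ambient capability (ambient implies effective). */
static const char SAMPLE_STATUS[] =
    "Name:\tzsh\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000800000000\n"
    "CapEff:\t0000000800000000\n"
    "CapAmb:\t0000000800000000\n";

int main(void)
{
    uint64_t eff = 0, ignored = UINT64_C(1) << CAP_WAKE_ALARM_BIT;
    if (parse_capeff(SAMPLE_STATUS, &eff) != 0)
        return 1;
    printf("CapEff=%#llx strict=%d ignoring=%d\n", (unsigned long long)eff,
           privileged_strict(1000, eff), privileged_ignoring(1000, eff, ignored));
    return 0;
}
```

On a live system the same mask can be read from /proc/self/status in the shell whose prompt shows '#'.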