From: Peter Stephenson <p.stephenson@samsung.com>
To: Nick Irvine <nfirvine@nfirvine.com>, zsh-users@zsh.org
Subject: Re: compinit trusts .zcompdump even when it's owned by a different user?
Date: Wed, 06 Jan 2016 09:36:59 +0000 [thread overview]
Message-ID: <20160106093659.2cd1ad5d@pwslap01u.europe.root.pri> (raw)
In-Reply-To: <CAEiyHik4aCgcHhadAN_ApdpLBW=K_Dzez4mi4RgkLeE7psch3g@mail.gmail.com>
On Wed, 06 Jan 2016 01:58:55 +0000
Nick Irvine <nfirvine@nfirvine.com> wrote:
> This may be a bug or misfeature in zsh, but I don't know it that well and I
> may be misunderstanding.
>
> compinit (the function that initializes completions) runs compaudit to
> enforce a security model whereby it will only load completion functions
> from directories in your $fpath that are considered "secure" (owned by root
> or me, not world-writable, etc.). It will warn the user about insecure
> paths and prompt to either skip them or abort. That's all well and good.
>
> It creates a cache of the results at ~/.zcompdump. AFAICT, it is only
> invalidated (i.e., deleted)*manually*.
It's updated automatically, but never invalidated automatically.
> I'm not entirely clear what's in the cache, so I can't say if this is
> really a big security issue. But, at the very least, compinit will consider
> the cache valid even if it's owned by a different user, thereby avoiding
> loading completion functions that *are* valid for the current user but
> *weren't* for the previous one.
The standard fix for this is to point different users at different
files. Run compinit with the -d option, e.g.
compinit -d ~/.compdump_${USER}
This is the only way you're going to have two users in the same area
with the same basic environment (home directory in particular)
co-existing (regardless of compaudit).
The security issue is a separate one and I don't have a glib answer to
that. I think the assumption has been the dump file, unlike the
contents of your $fpath, will always be written in an area to which no
one other than you and the superuser has access, unless you've
explicitly given it to someone. Certainly, as currently implemented,
compaudit is really there to check for zsh functions you don't want to
autoload owing to the fact that $fpath might point at anything --- not as
a security check for files in your own area, which is a whole different
ball game. If you're worried about the dump file, why are .zshrc or
.zshenv, typically in the same area, not even more of a worry?
pws
next prev parent reply other threads:[~2016-01-06 9:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-06 1:58 Nick Irvine
2016-01-06 9:36 ` Peter Stephenson [this message]
2016-01-06 23:41 ` Nick Irvine
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160106093659.2cd1ad5d@pwslap01u.europe.root.pri \
--to=p.stephenson@samsung.com \
--cc=nfirvine@nfirvine.com \
--cc=zsh-users@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).