* questions re: NO_PROMPT_PERCENT
@ 2021-08-07  3:06 Roman Neuhauser
  2021-08-09 20:46 ` Oliver Kiddle
  0 siblings, 1 reply; 3+ messages in thread
From: Roman Neuhauser @ 2021-08-07  3:06 UTC (permalink / raw)
  To: zsh-users

i was playing with my prompt settings, and arrived at a place
where i was setting PROMPT to a value with no remaining %-sequences
to expand (i was trying to achieve a particular visual effect which
depends on the contents of the expanded prompt).

prompt-git-info # populates $git_info
declare -a bits=("%(!~#~:)" "!%!" "?%?" "%%""%j" "%3~" "$git_info")
declare -a s=("%B" "%S")
# vvvvvvvvvvvvvvvvvvvv
declare tmp="${(%j: :)bits}"
# insert more %-sequences between characters in $tmp
# ^^^^^^^^^^^^^^^^^^^^
PROMPT="${(%j::)s} $tmp ${(%j::)${(@LMOa)s#%?}} "

if i'm reading this situation correctly (am I?  honest question!),
a malicious repository could use PROMPT_PERCENT to paint over my
prompt with fake data (`ESC [ Ps G` for a start), and what i should
be doing instead is

#      vvvvvvvvvvvvvvv
setopt nopromptpercent
#      ^^^^^^^^^^^^^^^
declare -a bits=("%(!~#~:)" "!%!" "?%?" "%%""%j" "%3~")
declare tmp="${(%j: :)bits}"
#      vvvvvvvvvvvvvvv
tmp+=" ${(V)git_info}"
#      ^^^^^^^^^^^^^^^
# insert more %-sequences between characters in $tmp
PROMPT="${(%j::)s} $tmp ${(%j::)${(@LMOa)s#%?}} "

BTW, i'm not much of a target and i don't think my PROMPT would
be anyone's first choice of an attack vector against me,
but please humor me.

so i tried turning PROMPT_PERCENT off, and ended up with broken

* completion
* corrections
* xtrace (i know, PS4)

and possibly more (i know about select) but i didn't look further and
reverted, the completion system must be using a mix of print -P and
${(%)..} (the latter is unperturbed by the setting) since the terminal
gets unusable promptly, pun intended. (the shell loses track of the

i looked at the code history, the option goes beyond 1999, and mere
git log / git grep does not give much detail about behavior expected
back then; eg. it's possible print -P didn't even exist back then.

  % git grep -i -e percent c175751b5 -- ChangeLog
  c175751b5:ChangeLog:      Src/options.c, Src/prompt.c, Src/zsh.h: Options PROMPT_PERCENT

(there's no Src/ in the c175751b5 tree as far as i can see)

my questions are:

* is there a meaningful difference between
  set +o promptsubst; PROMPT="... $var ..."
  set -o promptsubst; PROMPT='... $var ...'?
* is my understanding of PROMPT being susceptible to malicious
  data substituted directly as above correct?  what are effective
  mitigations? does ${(V)} really have me covered under PROMPTSUBST?
  what are the limits imposed by %{...%}?  the manual says it "should
  not change the cursor position", a quick test suggests it would be
  better worded as "will not be allowed ..."?  this deserves more
  detail in the text.
* does the topic deserve better coverage in the manual?
  i'm convinced it does.
* would everyone (is there one?) using nopromptpercent raise their hand?
  please describe your interactive use of zsh 5.x with nopromptpercent!
* i keep praising zsh for its conservatism, but screw 1999, what is the
  *goal* of the setting *today*?  ie. is the impact NOPROMPTPERCENT has
  on CORRECT expected?  is it *desired*?  why?  what are the $REASONS
  in "displaying the CORRECT prompt without substituting %R or %r is a
  major goal of this option because $REASONS"?  i mean, if CORRECT is
  a security concern (how?) then there's NOCORRECT, no?
* why does it affect `print -P`?
* why does it *not* affect the % parameter expansion flag?



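An added example, not part of the original message or of zsh itself: one way to embed untrusted text such as `$git_info` in PROMPT, assuming a hypothetical helper named `prompt_quote` and a constructed hostile branch name. It goes slightly beyond the message by also doubling `%` characters, which `${(V)}` alone leaves intact.

```zsh
#!/usr/bin/env zsh
# Added example: neutralise untrusted text before it goes into PROMPT.
# prompt_quote is a hypothetical helper name, not part of zsh.

prompt_quote() {
  emulate -L zsh
  local s=$1
  s=${(V)s}          # control characters (ESC, CR, ...) become visible, e.g. ^[
  s=${s//\%/%%}      # double every % so prompt expansion prints it literally
  REPLY=$s
}

# Constructed sample: a branch name that tries to move the cursor to column 1
# (ESC [ 1 G) and to smuggle in %-sequences and a command substitution.
git_info=$'main\e[1Guser@host %F{red}%~%f $(id)'

prompt_quote "$git_info"
safe_git_info=$REPLY

# Variant 1: PROMPT_SUBST off. Build the string once with double quotes; the
# only %-sequences left for the shell to expand are the ones written here.
# With PROMPT_SUBST on, this double-quoted form would be unsafe, because the
# literal $(id) now stored in PROMPT would be run at display time.
setopt prompt_percent no_prompt_subst
PROMPT="%B%3~%b ${safe_git_info} %# "

# Variant 2: PROMPT_SUBST on. Keep PROMPT single-quoted so the parameter is
# looked up at display time; its value is substituted once and not re-scanned
# for $(...), but it still goes through %-expansion, hence the doubling above.
# setopt prompt_subst
# PROMPT='%B%3~%b ${safe_git_info} %# '

# Show what the terminal would receive, with control bytes made visible.
print -r -- "raw:       ${(V)git_info}"
print -r -- "quoted:    $safe_git_info"
print -r -- "displayed: ${(V)${(%)PROMPT}}"
```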
Thread overview: 3+ messages
2021-08-07  3:06 questions re: NO_PROMPT_PERCENT Roman Neuhauser
2021-08-09 20:46 ` Oliver Kiddle
2021-08-09 21:49   ` Bart Schaefer
