On Wed, Oct 30, 2013 at 1:25 PM, Bart Schaefer wrote: > I have some concerns about the client/daemon model (for example what > prevents a malicious program from connecting to the daemon and sending > input that would cause the zpty shell to execute a command?) but I > haven't studied it very closely. > I dont understand how a zpty instance could be accessed from outside the process that started it(I'm assuming its not accessible) but it shouldn't be possible run commands as the daemon never sends any input that could cause 'accept-line' to be run. I would also use the following arguments to defend the security of the model: 1 - There's one daemon per user and the socket is writable only by the user that started the daemon 2 - The socket lives in a user-restricted (700) temporary directory 3 - If there's malicious code running in the user context, why would it need to connect to the daemon or a pty in order to damage the system? > Since you're already doing "zle recursive-edit", you might want to look > into creating your own keymap instead of changing widget bindings in > the main keymap. There are some examples and helper code for this in > Functions/Zle/keymap+widget in the distribution. > I've been playing with keymap+widget but I'm still deciding whether it is the best solution for the following reasons: - I'm only using recusive-edit because I couldn't do asynchronous updates to the zle RBUFFER using 'zle -F'(I started from the 'predict-on' code) - Sometimes I have to deactivate the autosuggestions feature and consequently some of the widget hooks(eg: editing the middle of the line or in vi normal mode) With the current issues in mind I have a few more questions: - Is it possible to update the zle RBUFFER from outside a widget? The hook set with 'zle -F' was being executed outside recursive-edit but it couldnt modify the RBUFFER variable in that case. In the IRC channel Valodim mentioned that the hook was not being executed inside zle's context. If so, is there a way to enter zle's context from a hook set with 'zle -F' ? - Can the keymap+widget feature be used outside recursive-edit? From what I understood it will be in effect whenever a [keymap]+[widget] function is defined and [keymap] is active, if thats the case I can simply switch keymaps with 'zle -K [keymap]' whenever I need a set of widget hooks to be active right? - Whats the best way to modify RBUFFER before a completion widget is executed? I've tried the comppostfuncs but the RBUFFER variable is read-only in that context.