From: Nick Irvine <nfirvine@nfirvine.com>
To: Peter Stephenson <p.stephenson@samsung.com>, zsh-users@zsh.org
Subject: Re: compinit trusts .zcompdump even when it's owned by a different user?
Date: Wed, 6 Jan 2016 15:41:29 -0800 [thread overview]
Message-ID: <CAEiyHin3DDhcvLZaM_rw0oOwb9BfXdvhOPXBJq+Qf6CZ6hPo8Q@mail.gmail.com> (raw)
In-Reply-To: <20160106093659.2cd1ad5d@pwslap01u.europe.root.pri>
[-- Attachment #1: Type: text/plain, Size: 1597 bytes --]
>
> The standard fix for this is to point different users at different
> files. Run compinit with the -d option, e.g.
>
> compinit -d ~/.compdump_${USER}
>
> This is the only way you're going to have two users in the same area
> with the same basic environment (home directory in particular)
> co-existing (regardless of compaudit).
>
I'm inclined to agree. I'm using prezto and they do compinit for you. Am
trying to convince maintainer that a -d is a good idea.
The security issue is a separate one and I don't have a glib answer to
> that. I think the assumption has been the dump file, unlike the
> contents of your $fpath, will always be written in an area to which no
> one other than you and the superuser has access, unless you've
> explicitly given it to someone. Certainly, as currently implemented,
> compaudit is really there to check for zsh functions you don't want to
> autoload owing to the fact that $fpath might point at anything --- not as
> a security check for files in your own area, which is a whole different
> ball game. If you're worried about the dump file, why are .zshrc or
> .zshenv, typically in the same area, not even more of a worry?
>
Yep, good points. It's more a matter of my expectations: I didn't expect
zsh to trust a cache owner by another, so it added to my confusion.
Anyway...
After some more debugging, I found out that awscli's zsh completion script
(which I was sourcing) was causing compinit to be run again, causing havoc.
So I've fixed my problem (in that I can't repro it now). Not sure if
there's still anything to be done here or not.
prev parent reply other threads:[~2016-01-06 23:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-06 1:58 Nick Irvine
2016-01-06 9:36 ` Peter Stephenson
2016-01-06 23:41 ` Nick Irvine [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEiyHin3DDhcvLZaM_rw0oOwb9BfXdvhOPXBJq+Qf6CZ6hPo8Q@mail.gmail.com \
--to=nfirvine@nfirvine.com \
--cc=p.stephenson@samsung.com \
--cc=zsh-users@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).