PATCH: Re: Permissions directories

PATCH: Re: Permissions directories

[Sven Wischnowsky]

Bart Schaefer wrote:

> On Jun 22,  1:07pm, Sven Wischnowsky wrote:
> } Subject: Re: Permissions directories
> }
> } Bart Schaefer wrote:
> } 
> } > I think it's got the test wrong for
> } > the .zwc files, though -- e.g. if the parent of a directory in $fpath
> } > is writable, I believe under the current tests I could still create a
> } > trojan .zwc file there
> } 
> } Digest files are not used automatically, they have to be named in
> } $fpath.
> 
> Oh, so the documentation under "Autoloaded Functions" is wrong?

Oh, no... I was wrong (obviously this was changed some time...).

> ...
> 
> } Or should we give that as a choice at the prompt (don't use/use/ignore)?
> 
> It wouldn't hurt, but it's not as important.  However, I think you have
> the prompt wrong ... isn't the default answer usually the first one?  You
> have "... continue [yn]?" but if I just hit return that's taken as n, not
> y, so it should be "... continue [ny]?".  I was about to append a patch,
> but then I became indecisive as to the default *should* be, particularly
> if we allow three choices.

The patch only changes the prompt. compinit just uses `read -q' and
the default behaviour comes from there.


Bye
 Sven

Index: Completion/Core/compinit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/Core/compinit,v
retrieving revision 1.6
diff -u -r1.6 compinit
--- Completion/Core/compinit	2000/06/22 11:09:18	1.6
+++ Completion/Core/compinit	2000/06/23 07:09:14
@@ -347,9 +347,21 @@
   if [[ "$_i_fail" != use ]]; then
     typeset _i_q
 
-    _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID}) )
-    _i_wfiles=( ${^~fpath:/.}/^([^_]*|*~)(N^u0u${EUID}) )
+    # We search for:
+    # - world/group-writable directories in fpath not owned by root or the user
+    # - parent-directories of directories in fpath that are world/group-writable
+    #   and not owned by root or the user (that would allow someone to put a
+    #   digest file for one of the directories into the parent directory)
+    # - digest files for one of the directories in fpath not owned by root or
+    #   the user
+    # - and for files in directories from fpath not owned by root or the user
+    #   (including zwc files)
 
+    _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID})
+               ${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID})
+               ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) )
+    _i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) )
+
     case "${#_i_wdirs}:${#_i_wfiles}" in
     0:0) _i_q= ;;
     0:*) _i_q=files ;;
@@ -359,7 +371,7 @@
 
     if [[ -n "$_i_q" ]]; then
       if [[ "$_i_fail" = ask ]]; then
-        if ! read -q "?There are insecure $_i_q, continue [yn]? "; then
+        if ! read -q "?There are insecure $_i_q, continue [ny]? "; then
           unfunction compinit compdef
           unset _comp_dumpfile _comp_secure compprefuncs comppostfuncs \
                 _comps _patcomps _postpatcomps _compautos _lastcomp
@@ -369,8 +381,8 @@
         _i_wfiles=()
 	_i_wdirs=()
       else
-        (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles})}"  )
-        (( $#_i_wdirs ))  && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs})/*}" )
+        (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles%.zwc})}"  )
+        (( $#_i_wdirs ))  && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs%.zwc})/*}" )
       fi
     fi
     _comp_secure=yes

--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de

Re: PATCH: Re: Permissions directories

[Bart Schaefer]

On Jun 23,  9:09am, Sven Wischnowsky wrote:
} Subject: PATCH: Re: Permissions directories
}
} +    # We search for:
} +    # - world/group-writable directories in fpath not owned by root or the user
} +    # - parent-directories of directories in fpath that are world/group-writable
} +    #   and not owned by root or the user

I think you meant "... OR not owned by ..." rather than "and."

Of course it now occurs to me that the one remaining problem is that if
the directory or file containing the compinit function is writable, none
of this is going to make any difference.

I suppose at some point you just have to trust your installation.  I'd be
tempted to suggest that compinit should be at least partially moved into
the C code in the computil module, but then we're not doing any ownership/
writability tests on dynamically-loaded modules in the C code, either.

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net   

Re: PATCH: Re: Permissions directories

[Sven Wischnowsky]

Bart Schaefer wrote:

> On Jun 23,  9:09am, Sven Wischnowsky wrote:
> } Subject: PATCH: Re: Permissions directories
> }
> } +    # We search for:
> } +    # - world/group-writable directories in fpath not owned by root or the user
> } +    # - parent-directories of directories in fpath that are world/group-writable
> } +    #   and not owned by root or the user
> 
> I think you meant "... OR not owned by ..." rather than "and."

That's a Germanism[1], should have known, that, though.

> Of course it now occurs to me that the one remaining problem is that if
> the directory or file containing the compinit function is writable, none
> of this is going to make any difference.

Indeed >;->

> I suppose at some point you just have to trust your installation.  I'd be
> tempted to suggest that compinit should be at least partially moved into
> the C code in the computil module, but then we're not doing any ownership/
> writability tests on dynamically-loaded modules in the C code, either.

I was tempted to do that for the loop(s) that read the #compdef
tags (to make it faster). But even this (and the globbing even more)
is so much more convenient to write in shell code...

Bye
 Sven

Index: Completion/Core/compinit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/Core/compinit,v
retrieving revision 1.7
diff -u -r1.7 compinit
--- Completion/Core/compinit	2000/06/23 07:10:41	1.7
+++ Completion/Core/compinit	2000/06/23 08:01:05
@@ -348,13 +348,13 @@
     typeset _i_q
 
     # We search for:
-    # - world/group-writable directories in fpath not owned by root or the user
+    # - world/group-writable directories in fpath not owned by root and the user
     # - parent-directories of directories in fpath that are world/group-writable
-    #   and not owned by root or the user (that would allow someone to put a
+    #   and not owned by root and the user (that would allow someone to put a
     #   digest file for one of the directories into the parent directory)
-    # - digest files for one of the directories in fpath not owned by root or
+    # - digest files for one of the directories in fpath not owned by root and
     #   the user
-    # - and for files in directories from fpath not owned by root or the user
+    # - and for files in directories from fpath not owned by root and the user
     #   (including zwc files)
 
     _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID})

--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de