From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 2426 invoked from network); 23 Jun 2000 07:09:49 -0000 Received: from sunsite.auc.dk (130.225.51.30) by ns1.primenet.com.au with SMTP; 23 Jun 2000 07:09:49 -0000 Received: (qmail 11328 invoked by alias); 23 Jun 2000 07:09:41 -0000 Mailing-List: contact zsh-workers-help@sunsite.auc.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 12041 Received: (qmail 11321 invoked from network); 23 Jun 2000 07:09:40 -0000 Date: Fri, 23 Jun 2000 09:09:37 +0200 (MET DST) Message-Id: <200006230709.JAA05621@beta.informatik.hu-berlin.de> From: Sven Wischnowsky To: zsh-workers@sunsite.auc.dk In-reply-to: "Bart Schaefer"'s message of Thu, 22 Jun 2000 16:23:33 +0000 Subject: PATCH: Re: Permissions directories Bart Schaefer wrote: > On Jun 22, 1:07pm, Sven Wischnowsky wrote: > } Subject: Re: Permissions directories > } > } Bart Schaefer wrote: > } > } > I think it's got the test wrong for > } > the .zwc files, though -- e.g. if the parent of a directory in $fpath > } > is writable, I believe under the current tests I could still create a > } > trojan .zwc file there > } > } Digest files are not used automatically, they have to be named in > } $fpath. > > Oh, so the documentation under "Autoloaded Functions" is wrong? Oh, no... I was wrong (obviously this was changed some time...). > ... > > } Or should we give that as a choice at the prompt (don't use/use/ignore)? > > It wouldn't hurt, but it's not as important. However, I think you have > the prompt wrong ... isn't the default answer usually the first one? You > have "... continue [yn]?" but if I just hit return that's taken as n, not > y, so it should be "... continue [ny]?". I was about to append a patch, > but then I became indecisive as to the default *should* be, particularly > if we allow three choices. The patch only changes the prompt. compinit just uses `read -q' and the default behaviour comes from there. Bye Sven Index: Completion/Core/compinit =================================================================== RCS file: /cvsroot/zsh/zsh/Completion/Core/compinit,v retrieving revision 1.6 diff -u -r1.6 compinit --- Completion/Core/compinit 2000/06/22 11:09:18 1.6 +++ Completion/Core/compinit 2000/06/23 07:09:14 @@ -347,9 +347,21 @@ if [[ "$_i_fail" != use ]]; then typeset _i_q - _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID}) ) - _i_wfiles=( ${^~fpath:/.}/^([^_]*|*~)(N^u0u${EUID}) ) + # We search for: + # - world/group-writable directories in fpath not owned by root or the user + # - parent-directories of directories in fpath that are world/group-writable + # and not owned by root or the user (that would allow someone to put a + # digest file for one of the directories into the parent directory) + # - digest files for one of the directories in fpath not owned by root or + # the user + # - and for files in directories from fpath not owned by root or the user + # (including zwc files) + _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID}) + ${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID}) + ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) ) + _i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) ) + case "${#_i_wdirs}:${#_i_wfiles}" in 0:0) _i_q= ;; 0:*) _i_q=files ;; @@ -359,7 +371,7 @@ if [[ -n "$_i_q" ]]; then if [[ "$_i_fail" = ask ]]; then - if ! read -q "?There are insecure $_i_q, continue [yn]? "; then + if ! read -q "?There are insecure $_i_q, continue [ny]? "; then unfunction compinit compdef unset _comp_dumpfile _comp_secure compprefuncs comppostfuncs \ _comps _patcomps _postpatcomps _compautos _lastcomp @@ -369,8 +381,8 @@ _i_wfiles=() _i_wdirs=() else - (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles})}" ) - (( $#_i_wdirs )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs})/*}" ) + (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles%.zwc})}" ) + (( $#_i_wdirs )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs%.zwc})/*}" ) fi fi _comp_secure=yes -- Sven Wischnowsky wischnow@informatik.hu-berlin.de