* Misleading/not-as-useful-as-it-could-be error message
@ 2008-03-28 12:44 Richard Hartmann
2008-03-28 14:55 ` Peter Stephenson
0 siblings, 1 reply; 2+ messages in thread
From: Richard Hartmann @ 2008-03-28 12:44 UTC (permalink / raw)
To: Zsh hackers list
Hi,
I just found out about a neat feature: When a completion function is
writeable by non-root, zsh will complain about the fact.
You get:
Ignore insecure files and continue [ny]?
I see two problems with this:
1) The user does not know it is zsh saying this, it could be anything,
really.
2) The user is not told _what_ files are considered insecure and why.
Adding a note on where & why the files were sourced/loaded would
be an optional extra.
Other than that, I love this feature. Once again zsh devs have handled
a situation I did not even really think about until I stumbled into it :)
Richard
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Misleading/not-as-useful-as-it-could-be error message
2008-03-28 12:44 Misleading/not-as-useful-as-it-could-be error message Richard Hartmann
@ 2008-03-28 14:55 ` Peter Stephenson
0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2008-03-28 14:55 UTC (permalink / raw)
To: Zsh hackers list
On Fri, 28 Mar 2008 13:44:11 +0100
"Richard Hartmann" <richih.mailinglist@gmail.com> wrote:
> I just found out about a neat feature: When a completion function is
> writeable by non-root, zsh will complain about the fact.
>
> You get:
> Ignore insecure files and continue [ny]?
>
> I see two problems with this:
> 1) The user does not know it is zsh saying this, it could be anything,
> really.
> 2) The user is not told _what_ files are considered insecure and why.
>
> Adding a note on where & why the files were sourced/loaded would
> be an optional extra.
People have complained before (now in the dim distant past, I think even
before I became responsible for this by default) that this is a bit terse.
If you type 'n' it tells you to run compaudit to see what was wrong, but
(a) it's not very clear what 'n' means (b) you can run it if you type 'y',
too, which is still as safe since it ignores the files in question. The
reason for typing 'n' wouldn't be security, it would be the worry that you
haven't got a complete completion system, although if you fix the problem
you can run compinit again.
Index: Completion/compinit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/compinit,v
retrieving revision 1.18
diff -u -r1.18 compinit
--- Completion/compinit 1 Nov 2007 10:56:39 -0000 1.18
+++ Completion/compinit 28 Mar 2008 14:48:46 -0000
@@ -417,8 +417,9 @@
if ! eval compaudit; then
if [[ -n "$_i_q" ]]; then
if [[ "$_i_fail" = ask ]]; then
- if ! read -q "?Ignore insecure $_i_q and continue [ny]? "; then
- print -u2 "run compaudit to see list of insecure $_i_q"
+ if ! read -q \
+"?zsh compinit: insecure $_i_q, run compaudit for list.
+Ignore insecure $_i_q and continue [y] or abort compinit [n]? "; then
print -u2 "$0: initialization aborted"
unfunction compinit compdef
unset _comp_dumpfile _comp_secure compprefuncs comppostfuncs \
--
Peter Stephenson <pws@csr.com> Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-03-28 14:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-28 12:44 Misleading/not-as-useful-as-it-could-be error message Richard Hartmann
2008-03-28 14:55 ` Peter Stephenson
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).