From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7152 invoked from network); 16 May 2008 09:27:20 -0000 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.4 Received: from news.dotsrc.org (HELO a.mx.sunsite.dk) (130.225.247.88) by ns1.primenet.com.au with SMTP; 16 May 2008 09:27:20 -0000 Received-SPF: none (ns1.primenet.com.au: domain at sunsite.dk does not designate permitted sender hosts) Received: (qmail 99644 invoked from network); 16 May 2008 09:27:15 -0000 Received: from sunsite.dk (130.225.247.90) by a.mx.sunsite.dk with SMTP; 16 May 2008 09:27:15 -0000 Received: (qmail 7923 invoked by alias); 16 May 2008 09:27:11 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 25050 Received: (qmail 7911 invoked from network); 16 May 2008 09:27:11 -0000 Received: from bifrost.dotsrc.org (130.225.254.106) by sunsite.dk with SMTP; 16 May 2008 09:27:11 -0000 Received: from cluster-d.mailcontrol.com (cluster-d.mailcontrol.com [217.69.20.190]) by bifrost.dotsrc.org (Postfix) with ESMTP id 0197780589A4 for ; Fri, 16 May 2008 11:27:05 +0200 (CEST) Received: from cameurexb01.EUROPE.ROOT.PRI ([62.189.241.200]) by rly50d.srv.mailcontrol.com (MailControl) with ESMTP id m4G9QkkS017804 for ; Fri, 16 May 2008 10:27:04 +0100 Received: from news01 ([10.103.143.38]) by cameurexb01.EUROPE.ROOT.PRI with Microsoft SMTPSVC(6.0.3790.3959); Fri, 16 May 2008 10:26:41 +0100 Date: Fri, 16 May 2008 10:26:42 +0100 From: Peter Stephenson To: zsh-workers@sunsite.dk Subject: Re: functions/Completion/Linux/_modutils Message-ID: <20080516102642.5631d529@news01> In-Reply-To: <200805151700.m4FH0Z30019508@news01.csr.com> References: <4829BF7A.20203@sergio.spb.ru> <080513201714.ZM10079@torch.brasslantern.com> <482AF445.3080909@sergio.spb.ru> <080514085511.ZM11897@torch.brasslantern.com> <482B1123.5050206@sergio.spb.ru> <080514094046.ZM11975@torch.brasslantern.com> <20080515121601.GB31408@scru.org> <691a5d910805150958w60d3ac28k5a635093cdfc4d3b@mail.gmail.com> <200805151700.m4FH0Z30019508@news01.csr.com> Organization: CSR X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.5; i386-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 16 May 2008 09:26:41.0833 (UTC) FILETIME=[F350B990:01C8B736] X-Scanned-By: MailControl A-08-50-03 (www.mailcontrol.com) on 10.68.0.160 X-Virus-Scanned: ClamAV 0.91.2/7132/Fri May 16 00:14:34 2008 on bifrost X-Virus-Status: Clean On Thu, 15 May 2008 18:00:35 +0100 Peter Stephenson wrote: > "Bart Schaefer" wrote: > > On Thu, May 15, 2008 at 5:16 AM, Clint Adams wrote: > > > > > > zstyle ':completion:*:sudo:*' command-path /usr/local/sbin /usr/local/bin \ > > > /usr/sbin /usr/bin /sbin /bin /usr/X11R6/bin > > > > OK, so maybe the right thing is to ignore my patch and have _sudo grab > > the value of *that* style and export it. > > Sounds pretty sensible, but we definitely want to document that this > happens for security reasons. Thinking more, security surely isn't an issue after all. Nothing is actually being run here as superuser, and you're only using the command-path (as the current user) that the current user has explicitly told you it's OK to use. So there's no more problem with Trojans than with any other use of paths by the shell. -- Peter Stephenson Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070