From: Peter Stephenson <p.w.stephenson@ntlworld.com>
To: Zsh Hackers' List <zsh-workers@zsh.org>
Subject: PATCH: compaudit allows owner of executable
Date: Wed, 30 Jan 2013 21:11:48 +0000
Message-ID: <20130130211148.6365d1f2@pws-pc.ntlworld.com>

This prevents compaudit failing on the case where the whole of zsh,
executable and function library, has been installed by a non-root user.
If you are running the executable, you necessarily trust whoever owns
it, so there's no point complaining if they also own the completion
files. We could print a warning message, but it seems way too late for
that.

I couldn't think of a reasonably safe, standard way of finding out who
owns the executable, however. So I've done it using the /proc file
system. I've also assumed zstat is available from zsh/stat.

Suggestions for improvements welcome.

Index: Completion/compaudit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/compaudit,v
retrieving revision 1.11
diff -p -u -r1.11 compaudit
--- Completion/compaudit 10 Sep 2011 17:09:51 -0000 1.11
+++ Completion/compaudit 30 Jan 2013 21:10:33 -0000
@@ -82,18 +82,31 @@ fi
[[ $_i_fail == use ]] && return 0
+# We will always allow files to be owned by root and the owner of the
+# present process.
+local owners="u0u${EUID}"
+
+# If we can find out who owns the executable, we will allow files to
+# be owned by that user, too. The argument is that if you don't trust
+# the owner of the executable, it's way too late to worry about it now...
+if [[ -e /proc/$$/exe ]] && zmodload -F zsh/stat b:zstat 2>/dev/null; then
+ local -A stathash
+ if zstat -H stathash /proc/$$/exe && [[ $stathash[uid] -ne 0 ]]; then
+ owners+="u${stathash[uid]}"
+ fi
+fi
+
# We search for:
-# - world/group-writable directories in fpath not owned by root and the user
+# - world/group-writable directories in fpath not owned by $owners
# - parent-directories of directories in fpath that are world/group-writable
-# and not owned by root and the user (that would allow someone to put a
+# and not owned by $owners (that would allow someone to put a
# digest file for one of the directories into the parent directory)
-# - digest files for one of the directories in fpath not owned by root and
-# the user
-# - and for files in directories from fpath not owned by root and the user
+# - digest files for one of the directories in fpath not owned by $owners
+# - and for files in directories from fpath not owned by $owners
# (including zwc files)
-_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID})
- ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) )
+_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^${owners})
+ ${^fpath:h}(N-f:g+w:,-f:o+w:,-^${owners}) )
# RedHat Linux "per-user groups" check. This is tricky, because it's very
# difficult to tell whether the sysadmin has put someone else into your
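Review bot: In the inner `if`, `zstat -H stathash /proc/$$/exe` keeps stderr attached while the `zmodload` on the line above sends it to /dev/null, so a failed stat would print an error in the middle of the audit; adding `2>/dev/null` there would match. The `-ne 0` guard avoids appending a second `u0`, but nothing stops `owners` from repeating `${EUID}` when the user running the shell also owns the executable; that is harmless to the glob, though comparing against `$EUID` as well would keep the qualifier string minimal. The new comment could also state that the lookup is skipped silently where /proc/$$/exe does not exist, so on those systems the check stays limited to root and `${EUID}`. As a style point, `owners` and `stathash` drop the `_i_` prefix used by `_i_fail` and `_i_wdirs`.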
@@ -111,7 +124,7 @@ if (( $#_i_wdirs )); then
if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]
then
- _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) )
+ _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^${owners}) )
fi
fi
@@ -122,8 +135,8 @@ then
_i_wdirs=( ${_i_wdirs:#/usr/local/*} ${^_i_ulwdirs}(Nf:g+ws:^g:staff:,f:o+w:,^u0) )
fi
-_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^u0u${EUID}) )
-_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^u0u${EUID}) )
+_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^${owners}) )
+_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^${owners}) )
case "${#_i_wdirs}:${#_i_wfiles}" in
(0:0) _i_q= ;;
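Review bot: The unchanged line at the top of this hunk still ends its qualifier list with `^u0`, so the /usr/local directories it re-adds pass the ownership test only when root-owned, while the two changed lines below it now accept any uid in `${owners}`. If a non-root install under /usr/local is meant to pass the audit, that line needs the same substitution; if the stricter test is deliberate, a short comment next to it would make that clear.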
--
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/