From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22547 invoked by alias); 22 Jul 2016 07:19:41 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 38912 Received: (qmail 23190 invoked from network); 22 Jul 2016 07:19:41 -0000 X-Qmail-Scanner-Diagnostics: from out5-smtp.messagingengine.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1. Clear:RC:0(66.111.4.29):SA:0(0.0/5.0):. Processed in 0.173533 secs); 22 Jul 2016 07:19:41 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.1 X-Envelope-From: d.s@daniel.shahaf.name X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: none (ns1.primenet.com.au: domain at daniel.shahaf.name does not designate permitted sender hosts) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= daniel.shahaf.name; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=+HO/jOOYL8AzxQLE GfDbGFLeR8g=; b=VMbjima5Irx9Sysk9k3Jfz0snOL481Ekx3xkPN3TjGKvdt6O HBR+wjrrxBBH4UBFaXq5Ub3knykgj8qON6FEyxUQM5e6LE7lW0PPyWI+oDIaAPcv UUh0AigCwqFrwe3PFfsS4g4w2p6JHvo31kT7uWX0ackZ/hAgZMjrKgWtjLU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=+HO/jOOYL8AzxQL EGfDbGFLeR8g=; b=CA9Ix8oYC/6cf32ah0mjXk0xkPjlioAI0ePlhXnVzMFtE18 C+8jcd7y6/mcvoSEimKUV23ZQHUQTA55zymbt9uN5ZIx3SxIh+oCH/UXFgMy9H84 S/jvzs69mn9GXXAmTRePtZpvWgUkZkfY8i1PjsT4zLvDs5tDO1f8Jst9ALws= X-Sasl-enc: cAH7OEKz02k3LEV9s+v5CArqPmAIMAuVzktYOI/Hrxvs 1469171971 Date: Fri, 22 Jul 2016 07:19:27 +0000 From: Daniel Shahaf To: Oliver Kiddle Cc: Marko Myllynen , zsh-workers@zsh.org Subject: Re: [PATCH] _virsh (Was: Re: zsh virsh completion) Message-ID: <20160722071927.GG2521@tarsus.local2> References: <8eb6dce0-50d7-5ab2-503a-194c1de2e45d@redhat.com> <20160713045957.GA3893@tarsus.local2> <9968da53-c1fd-fa2a-f30c-c74f884d2478@redhat.com> <20160720065832.GA28939@tarsus.local2> <699166a0-b0f0-452c-2561-b7e3cc952062@redhat.com> <25001.1469117569@hydra.kiddle.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <25001.1469117569@hydra.kiddle.eu> User-Agent: Mutt/1.5.21 (2010-09-15) Oliver Kiddle wrote on Thu, Jul 21, 2016 at 18:12:49 +0200: > Marko Myllynen wrote: > > + _values servers ${=${(S)${${(f)$(sudo virt-admin srv-list)}##*--- }//[0-9]* }} && return 0 > > > + _values servers ${=${${(f):-"$(sudo virt-admin srv-clients-list --server $srv)"}/ [a-z]*}//[^0-9]} && return 0 > > I have pushed the change but I've just noticed these two lines. I'm not > sure it is a good idea to be running sudo within completion functions. > That can trigger logging and is often denied when you're already root. > And there may be alternatives like doas. > > There's also another instance of this in Mandriva/Command/_rebootin. > > Anyone, have any thoughts on how this should be handled? I'm inclined > to think that users should have to specifically set a gain-root > style to enable this. Or perhaps it could only trigger if you > complete after sudo virt-admin. In principle, I fully agree with you, with two differences: First, in addition to 'zstyle -t … gain-root' and '(( $+funcstack[(r)_sudo] ))' as the conditions for invoking sudo, I think a third alternative is to use _call_program and let the user set the 'command' style to '-sudo'. Secondly, you don't touch on what we would do when the 'gain-root' style is unset. Given Marko's later email that virt-admin is not usable by non-root users, perhaps we should do this: . if (( EUID == 0 )); then # call 'virt-admin' elif The 'gain-root' or 'command' style is set; then # call virt-admin with sudo (or whatever the style prescribes) else _message "zsh: _libvirt: can't list completions because the 'gain-root' style is unset" return 1 fi . ? The error message can also include the 'zstyle' incantation that sets the style appropriately, to make it easier for the user. Also, we should sanitize that $srv parameter before passing it to a command run as root. I'm not sure how virt-admin's command-line parser works: is there any possibility for $srv to be tokenised as anything other than the argument of the --server option? Cheers, Daniel > Oliver