From: Andrew Janke <floss@apjanke.net>
To: Bart Schaefer <schaefer@brasslantern.com>,
Zsh hackers list <zsh-workers@zsh.org>
Subject: Re: "compinit -i" not excluding some insecure dirs?
Date: Mon, 28 Sep 2015 17:52:04 -0400 [thread overview]
Message-ID: <5609B684.2010303@apjanke.net> (raw)
In-Reply-To: <150928141732.ZM15458@torch.brasslantern.com>
On 9/28/15 5:17 PM, Bart Schaefer wrote:
> On Sep 28, 7:28am, Andrew Janke wrote:
> }
> } What is the expected behavior for compinit's "-i" switch? The doco says
> } it will " silently ignore all insecure files and directories". I
> } interpret that to mean "silently exclude insecure files and dirs from
> } use in the completion system", as opposed to "silently ignore the
> } security check failures and use them anyway". If this is the case, it
> } looks like there might be an issue with the "compinit -i" code.
>
> There's only so much that compinit can do. It doesn't actually change
> your $fpath to remove the insecure directories; it merely doesn't look
> at them when scanning for files that contain #compdef, #autoload, etc.
> on the first line.
>
> So if you have fpath=(/insecure /secure) and there is _kill in both
> places, the one in /secure will be used for #compdef at time of
> compinit, but the one in /insecure will still be used at the time
> the function is called, because $fpath search order says it should.
But in this case I think it *is* scanning the insecure directory: I had
a _foo only in /insecure, not in /secure, and it still got picked up by
compinit and used for completion. (Sorry if my example was unclear: I
copied _kill to _foo just so I'd have a readily recognizable completion
output.)
But that's a good point about $fpath at the function call time really
being what matters.
>
> I must grudgingly admit that this is closely related to Ray Andrew's
> (incorrect) expectation that once the "autoload" *command* is issued,
> the source file of the corresponding function is locked down.
>
> To really be secure, a re-check would have to be done at the instant
> of the first function call, or all the functions would have to be pre-
> loaded at the instant of compaudit (which is exactly what compinit is
> attempting to *avoid* doing).
next prev parent reply other threads:[~2015-09-28 21:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-28 11:28 Andrew Janke
2015-09-28 21:17 ` Bart Schaefer
2015-09-28 21:52 ` Andrew Janke [this message]
2015-09-29 17:59 ` Bart Schaefer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5609B684.2010303@apjanke.net \
--to=floss@apjanke.net \
--cc=schaefer@brasslantern.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).