* compaudit
@ 2012-10-23 16:21 Peter Stephenson
0 siblings, 0 replies; only message in thread
From: Peter Stephenson @ 2012-10-23 16:21 UTC (permalink / raw)
To: zsh workers
Just while it's in my mind...
zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]?
It occurs to me this is too draconian in the case where the files are
owned by the same user who owns the zsh binary. At worst we should
report 'zsh installed by unprivileged user x, OK to continue with
compinit?' rather than either ignore all the files or abort completely.
Either you trust the user who installed the shell or you don't.
pws
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2012-10-23 16:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-23 16:21 compaudit Peter Stephenson
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).