PATCH: Re: Permissions directories

[Sven Wischnowsky <wischnow@xxxxxxxxxxxxxxxxxxxxxxx>]

Bart Schaefer wrote:

> On Jun 22,  1:07pm, Sven Wischnowsky wrote:
> } Subject: Re: Permissions directories
> }
> } Bart Schaefer wrote:
> } 
> } > I think it's got the test wrong for
> } > the .zwc files, though -- e.g. if the parent of a directory in $fpath
> } > is writable, I believe under the current tests I could still create a
> } > trojan .zwc file there
> } 
> } Digest files are not used automatically, they have to be named in
> } $fpath.
> 
> Oh, so the documentation under "Autoloaded Functions" is wrong?

Oh, no... I was wrong (obviously this was changed some time...).

> ...
> 
> } Or should we give that as a choice at the prompt (don't use/use/ignore)?
> 
> It wouldn't hurt, but it's not as important.  However, I think you have
> the prompt wrong ... isn't the default answer usually the first one?  You
> have "... continue [yn]?" but if I just hit return that's taken as n, not
> y, so it should be "... continue [ny]?".  I was about to append a patch,
> but then I became indecisive as to the default *should* be, particularly
> if we allow three choices.

The patch only changes the prompt. compinit just uses `read -q' and
the default behaviour comes from there.


Bye
 Sven

Index: Completion/Core/compinit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/Core/compinit,v
retrieving revision 1.6
diff -u -r1.6 compinit
--- Completion/Core/compinit	2000/06/22 11:09:18	1.6
+++ Completion/Core/compinit	2000/06/23 07:09:14
@@ -347,9 +347,21 @@
   if [[ "$_i_fail" != use ]]; then
     typeset _i_q
 
-    _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID}) )
-    _i_wfiles=( ${^~fpath:/.}/^([^_]*|*~)(N^u0u${EUID}) )
+    # We search for:
+    # - world/group-writable directories in fpath not owned by root or the user
+    # - parent-directories of directories in fpath that are world/group-writable
+    #   and not owned by root or the user (that would allow someone to put a
+    #   digest file for one of the directories into the parent directory)
+    # - digest files for one of the directories in fpath not owned by root or
+    #   the user
+    # - and for files in directories from fpath not owned by root or the user
+    #   (including zwc files)
 
+    _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID})
+               ${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID})
+               ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) )
+    _i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) )
+
     case "${#_i_wdirs}:${#_i_wfiles}" in
     0:0) _i_q= ;;
     0:*) _i_q=files ;;
@@ -359,7 +371,7 @@
 
     if [[ -n "$_i_q" ]]; then
       if [[ "$_i_fail" = ask ]]; then
-        if ! read -q "?There are insecure $_i_q, continue [yn]? "; then
+        if ! read -q "?There are insecure $_i_q, continue [ny]? "; then
           unfunction compinit compdef
           unset _comp_dumpfile _comp_secure compprefuncs comppostfuncs \
                 _comps _patcomps _postpatcomps _compautos _lastcomp
@@ -369,8 +381,8 @@
         _i_wfiles=()
 	_i_wdirs=()
       else
-        (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles})}"  )
-        (( $#_i_wdirs ))  && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs})/*}" )
+        (( $#_i_wfiles )) && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wfiles%.zwc})}"  )
+        (( $#_i_wdirs ))  && _i_files=( "${(@)_i_files:#(${(j:|:)_i_wdirs%.zwc})/*}" )
       fi
     fi
     _comp_secure=yes

--
Sven Wischnowsky                         wischnow@xxxxxxxxxxxxxxxxxxxxxxx