Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: Update _twisted completion
On 2013-02-04 at 11:48 -0500, Eric P. Mangold wrote:
> Other completions parse GNU --help output *shrug*. So I'm not really seeing
> much of a difference here..
Pattern-matching on --help output and extracting strings to offer is
different from evaluating code which can modify the shell environment.
The child process can run anything itself, but that doesn't let it do
things like change $XAUTHORITY and $DISPLAY in the shell, to silently
repoint graphics interactions to a proxy, or set $http_proxy, or
anything else that affects launched processes. Or changing $SSH_ASKPASS
to a wrapper which steals SSH key passphrases.
Software I really don't trust much gets run under passwordless sudo to
an account where it has no access to my main working account. (Software
I don't trust at all obviously doesn't get run at all, or if I have no
choice but to run it, then in a VM).
Even without that caution, trust flows down the path from parent to
child processes. Data coming back up the path should not become _code_
coming back up the path.
When eval happens, it needs to be explicit (eval `ssh-agent -s`) and not
happen because someone hit tab and didn't even ask for a command to be
run.
When both completion function and program ship as part of one project,
at least the completion function on disk can be read and audited and
people can tell what will run inside their shell.
When the code comes from a program, which may be a compiled binary, your
ability to audit and prove what you'll evaluate goes down significantly;
the output might change depending upon the day of the month.
-Phil
Messages sorted by:
Reverse Date,
Date,
Thread,
Author