On Tue, Sep 27, 2016 at 10:02:21AM +0100, Peter Stephenson wrote:
> I've attempted to tidy up the logic to the point where I think I
> understand it. Does the test "(!getuid() || !geteuid())" make sense or
> should that be something else?

I don't see a reason why zsh running as root shouldn't import these
variables. Only when running in a setuid context do possible security
issues arise (ignoring the fact that any setuid program calling a shell
is broken anyway because we will always miss some env-variable which can
be abused).

I think the test should be changed to getuid() != geteuid() or similar
to trigger only in setuid cases.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
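The two tests discussed in this message, compared side by side as an added example (not part of the original message and not zsh's code). The function names, the sample ids 1000 and 1001, and the setgid extension in privileged_test() are assumptions that go beyond what the message proposes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Test quoted in the message: fires whenever either id is root. */
static bool root_test(uid_t ruid, uid_t euid) { return !ruid || !euid; }

/* Test proposed in the message: fires only when the ids differ. */
static bool setuid_test(uid_t ruid, uid_t euid) { return ruid != euid; }

/* Assumed extension (not in the message): treat setgid the same way. */
static bool privileged_test(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Apply the extended test to the running process. */
static bool process_is_privileged(void)
{
    return privileged_test(getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    /* Constructed id pairs; 1000 and 1001 are arbitrary unprivileged ids. */
    static const struct { const char *what; uid_t ruid, euid; } cases[] = {
        { "root login shell",            0,    0    },
        { "ordinary user",               1000, 1000 },
        { "setuid-root, run by user",    1000, 0    },
        { "setuid-nonroot, run by user", 1000, 1001 },
    };
    printf("%-30s %-10s %s\n", "case", "root_test", "setuid_test");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s %-10d %d\n", cases[i].what,
               root_test(cases[i].ruid, cases[i].euid),
               setuid_test(cases[i].ruid, cases[i].euid));
    printf("this process privileged: %d\n", process_is_privileged());
    return 0;
}
```

The first and last rows are where the tests disagree: the root test refuses the import for a plain root login and allows it for a binary that is setuid to a non-root account.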