[PATCH/RFC] Don't source .zlogout if privileged

[dana <dana@xxxxxxx>]

I noticed whilst formulating a reply to users/23847 that the shell still
sources the user .zlogout even when the privileged option is set. The ML
archive doesn't go back far enough for me to see what the rationale was for
that, but i'm guessing maybe it's because the feature was borrowed from ksh,
and ksh doesn't have a logout file. (In fact, the option didn't originally
affect zsh-specific init files at all, since it was only used for ksh
emulation.) But shouldn't the same logic apply? Or is there a particular
reason to treat it differently?

(If it *is* desirable behaviour, i'll send a different patch documenting that
more explicitly)

dana


diff --git a/Doc/Zsh/options.yo b/Doc/Zsh/options.yo
index bc182eb7b..379ee2a06 100644
--- a/Doc/Zsh/options.yo
+++ b/Doc/Zsh/options.yo
@@ -2377,7 +2377,7 @@ for failure and act accordingly, for example:
 
 example(unsetopt privileged || exit)
 
-The tt(PRIVILEGED) option disables sourcing user startup files.
+The tt(PRIVILEGED) option disables sourcing user startup/shutdown files.
 If zsh is invoked as `tt(sh)' or `tt(ksh)' with this option set,
 tt(/etc/suid_profile) is sourced (after tt(/etc/profile) on interactive
 shells). Sourcing tt(~/.profile) is disabled and the contents of the
diff --git a/Src/builtin.c b/Src/builtin.c
index 8dcdcc024..01fca6f7c 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -5791,7 +5791,7 @@ zexit(int val, int from_where)
 	    saveandpophiststack(1, writeflags);
 	    savehistfile(NULL, 1, writeflags);
 	}
-	if (islogin && !subsh) {
+	if (islogin && !subsh && unset(PRIVILEGED)) {
 	    sourcehome(".zlogout");
 #ifdef GLOBAL_ZLOGOUT
 	    if (isset(RCS) && isset(GLOBALRCS))