diff options
| author | Peter Stephenson <pws@users.sourceforge.net> | 2013-02-01 20:35:10 +0000 |
|---|---|---|
| committer | Peter Stephenson <pws@users.sourceforge.net> | 2013-02-01 20:35:10 +0000 |
| commit | ef8e43aed20885327a8dc89c02ee877c7096e77b (patch) | |
| tree | c2c988969311e22433b01e79c918c321786b1841 /Completion/compaudit | |
| parent | af68fb3cf49982c3f80ae65ef83c5dff3db67fc2 (diff) | |
| download | zsh-ef8e43aed20885327a8dc89c02ee877c7096e77b.tar.gz zsh-ef8e43aed20885327a8dc89c02ee877c7096e77b.tar.xz zsh-ef8e43aed20885327a8dc89c02ee877c7096e77b.zip | |
31015: compaudit fix to allow executable owner to own completion files
Diffstat (limited to 'Completion/compaudit')
| -rw-r--r-- | Completion/compaudit | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/Completion/compaudit b/Completion/compaudit index 72e0b62ba..5eaa41e14 100644 --- a/Completion/compaudit +++ b/Completion/compaudit @@ -82,18 +82,45 @@ fi [[ $_i_fail == use ]] && return 0 +# We will always allow files to be owned by root and the owner of the +# present process. +local _i_owners="u0u${EUID}" + +# Places we will look for a link to the executable +local -a _i_exes +_i_exes=( + /proc/$$/exe + /proc/$$/object/a.out + ) +local _i_exe + +# If we can find out who owns the executable, we will allow files to +# be owned by that user, too. The argument is that if you don't trust +# the owner of the executable, it's way too late to worry about it now... +for _i_exe in _i_exes; do + if [[ -e $_i_exe ]] ;then + if zmodload -F zsh/stat b:zstat 2>/dev/null; then + local -A _i_stathash + if zstat -H _i_stathash /proc/$$/exe && + [[ $_i_stathash[uid] -ne 0 ]]; then + _i_owners+="u${_i_stathash[uid]}" + fi + fi + break + fi +done + # We search for: -# - world/group-writable directories in fpath not owned by root and the user +# - world/group-writable directories in fpath not owned by $_i_owners # - parent-directories of directories in fpath that are world/group-writable -# and not owned by root and the user (that would allow someone to put a +# and not owned by $_i_owners (that would allow someone to put a # digest file for one of the directories into the parent directory) -# - digest files for one of the directories in fpath not owned by root and -# the user -# - and for files in directories from fpath not owned by root and the user +# - digest files for one of the directories in fpath not owned by $_i_owners +# - and for files in directories from fpath not owned by $_i_owners # (including zwc files) -_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) - ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) ) +_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^${_i_owners}) + ${^fpath:h}(N-f:g+w:,-f:o+w:,-^${_i_owners}) ) # RedHat Linux "per-user groups" check. This is tricky, because it's very # difficult to tell whether the sysadmin has put someone else into your @@ -111,7 +138,7 @@ if (( $#_i_wdirs )); then if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]] then - _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) ) + _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^${_i_owners}) ) fi fi @@ -122,8 +149,8 @@ then _i_wdirs=( ${_i_wdirs:#/usr/local/*} ${^_i_ulwdirs}(Nf:g+ws:^g:staff:,f:o+w:,^u0) ) fi -_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^u0u${EUID}) ) -_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^u0u${EUID}) ) +_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^${_i_owners}) ) +_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^${_i_owners}) ) case "${#_i_wdirs}:${#_i_wfiles}" in (0:0) _i_q= ;; |