authorPeter Stephenson <pws@users.sourceforge.net>2013-02-01 20:35:10 +0000
committerPeter Stephenson <pws@users.sourceforge.net>2013-02-01 20:35:10 +0000
commitef8e43aed20885327a8dc89c02ee877c7096e77b (patch)
treec2c988969311e22433b01e79c918c321786b1841 /Completion/compaudit
parentaf68fb3cf49982c3f80ae65ef83c5dff3db67fc2 (diff)
31015: compaudit fix to allow executable owner to own completion files
Diffstat (limited to 'Completion/compaudit')
-rw-r--r--Completion/compaudit47
1 files changed, 37 insertions, 10 deletions
diff --git a/Completion/compaudit b/Completion/compaudit
index 72e0b62ba..5eaa41e14 100644
--- a/Completion/compaudit
+++ b/Completion/compaudit
@@ -82,18 +82,45 @@ fi
 
 [[ $_i_fail == use ]] && return 0
 
+# We will always allow files to be owned by root and the owner of the
+# present process.
+local _i_owners="u0u${EUID}"
+
+# Places we will look for a link to the executable
+local -a _i_exes
+_i_exes=(
+    /proc/$$/exe
+    /proc/$$/object/a.out
+    )
+local _i_exe
+
+# If we can find out who owns the executable, we will allow files to
+# be owned by that user, too.  The argument is that if you don't trust
+# the owner of the executable, it's way too late to worry about it now...
+for _i_exe in _i_exes; do
+  if [[ -e $_i_exe ]] ;then
+    if zmodload -F zsh/stat b:zstat 2>/dev/null; then
+      local -A _i_stathash
+      if zstat -H _i_stathash /proc/$$/exe &&
+	[[ $_i_stathash[uid] -ne 0 ]]; then
+	_i_owners+="u${_i_stathash[uid]}"
+      fi
+    fi
+    break
+  fi
+done
+
 # We search for:
-# - world/group-writable directories in fpath not owned by root and the user
+# - world/group-writable directories in fpath not owned by $_i_owners
 # - parent-directories of directories in fpath that are world/group-writable
-#   and not owned by root and the user (that would allow someone to put a
+#   and not owned by $_i_owners (that would allow someone to put a
 #   digest file for one of the directories into the parent directory)
-# - digest files for one of the directories in fpath not owned by root and
-#   the user
-# - and for files in directories from fpath not owned by root and the user
+# - digest files for one of the directories in fpath not owned by $_i_owners
+# - and for files in directories from fpath not owned by $_i_owners
 #   (including zwc files)
 
-_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID})
-           ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) )
+_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^${_i_owners})
+           ${^fpath:h}(N-f:g+w:,-f:o+w:,-^${_i_owners}) )
 
 # RedHat Linux "per-user groups" check.  This is tricky, because it's very
 # difficult to tell whether the sysadmin has put someone else into your
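Review bot: The loop header `for _i_exe in _i_exes; do` iterates over the literal word `_i_exes` rather than the array's elements, so `[[ -e $_i_exe ]]` tests for a file of that name in the current directory and the executable-owner lookup is effectively never reached; it should read `for _i_exe in $_i_exes; do`. Inside the loop, `zstat -H _i_stathash /proc/$$/exe` hard-codes the first candidate, so the `/proc/$$/object/a.out` entry would not be stat'ed even with the loop fixed; `zstat -H _i_stathash $_i_exe` would use the path that was actually found. Since `_i_owners` widens the set of owners whose files compaudit accepts as secure, it is also worth a one-line comment stating that the extra uid is taken from the file the /proc link resolves to and that a failed `zmodload` or `zstat` deliberately leaves the list at root plus `$EUID`.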
@@ -111,7 +138,7 @@ if (( $#_i_wdirs )); then
 
   if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]
   then
-    _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) )
+    _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^${_i_owners}) )
   fi
 fi
 
@@ -122,8 +149,8 @@ then
   _i_wdirs=( ${_i_wdirs:#/usr/local/*} ${^_i_ulwdirs}(Nf:g+ws:^g:staff:,f:o+w:,^u0) )
 fi
 
-_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^u0u${EUID}) )
-_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^u0u${EUID}) )
+_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^${_i_owners}) )
+_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^${_i_owners}) )
 
 case "${#_i_wdirs}:${#_i_wfiles}" in
 (0:0) _i_q= ;;