diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | Completion/compaudit | 143 |
2 files changed, 146 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 0866989b7..88e02323f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,9 @@ Completion/Unix/Command/_ssh, Completion/Unix/Command/_xmlsoft, Completion/X/Command/_gv: patch latest versions from main branch. + * 20847: Completion/compaudit: stop adding gratuitous + elements to fpath when MARK_DIRS is set. + 2005-11-25 Peter Stephenson <pws@csr.com> * 22031: Nikolai Weibull: Completion/Unix/Command/_git: new diff --git a/Completion/compaudit b/Completion/compaudit new file mode 100644 index 000000000..7107c2fff --- /dev/null +++ b/Completion/compaudit @@ -0,0 +1,143 @@ +# So that this file can also be read with `.' or `source' ... +compaudit() { # Define and then call + +# Audit the fpath to assure that it contains all the directories needed by +# the completion system, and that those directories are at least unlikely +# to contain dangerous files. This is far from perfect, as the modes or +# ownership of files or directories might change between the time of the +# audit and the time the function is executed. + +# This function is designed to be called from compinit, which assumes that +# it is in the same directory, i.e., it can be autoloaded from the initial +# fpath as compinit was. Most local parameter names in this function must +# therefore be the same as those used in compinit. + +emulate -L zsh +setopt extendedglob + +[[ -x /usr/bin/getent ]] || getent() { + if [[ $2 = <-> ]]; then + grep ":$2:[^:]*$" /etc/$1 + else + grep "^$2:" /etc/$1 + fi +} + +# The positional parameters are the directories to check, else fpath. +if (( $# )); then + local _compdir='' +elif (( $#fpath == 0 )); then + print 'compaudit: No directories in $fpath, cannot continue' 1>&2 + return 1 +else + set -- $fpath +fi + +# _i_check is defined by compinit; used here as a test for whether this +# function is running standalone or was called by compinit. If called +# by compinit, we use parameters that are defined in compinit's scope, +# otherwise we make them local here. +(( $+_i_check )) || { + local _i_q _i_line _i_file _i_fail=verbose + local -a _i_files _i_addfiles _i_wdirs _i_wfiles + local -a -U +h fpath +} + +fpath=( $* ) + +# _compdir may be defined by the user; see the compinit documentation. +# If it isn't defined, we want it to point somewhere sensible, but the +# user is allowed to set it to empty to bypass the check below. +(( $+_compdir )) || { + local _compdir=${fpath[(r)*/$ZSH_VERSION/*]} + [[ -z $_compdir ]] && _compdir=$fpath[1] + ### [[ -d $_compdir/../Base ]] && _compdir=${_compdir:h} +} + +_i_wdirs=() +_i_wfiles=() + +_i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) ) +if [[ -n $_compdir ]]; then + if [[ $#_i_files -lt 20 || $_compdir = */Base || -d $_compdir/Base ]]; then + # Too few files: we need some more directories, or we need to check + # that all directories (not just Base) are present. + _i_addfiles=() + if [[ -d $_compdir/Base/Core ]]; then + # Add all the Completion subdirectories (CVS-layout) + _i_addfiles=(${_compdir}/*/*(/^M)) + elif [[ -d $_compdir/Base ]]; then + # Likewise (installation-layout) + _i_addfiles=(${_compdir}/*(/^M)) + fi + for _i_line in {1..$#_i_addfiles}; do + _i_file=${_i_addfiles[$_i_line]} + [[ -d $_i_file && -z ${fpath[(r)$_i_file]} ]] || + _i_addfiles[$_i_line]= + done + fpath=($fpath $_i_addfiles) + _i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) ) + fi +fi + +[[ $_i_fail == use ]] && return 0 + +# RedHat Linux "per-user groups" check. This is tricky, because it's very +# difficult to tell whether the sysadmin has put someone else into your +# "private" group (e.g., via the default group field in /etc/passwd, or +# by NFS group sharing with an untrustworthy machine). So we must assume +# that this has not happened, and pick the best group. + +local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs +if ((UID == EUID )); then + getent group $LOGNAME | IFS=: read GROUP _i_pw _i_gid GROUPMEM +else + getent group $EGID | IFS=: read GROUP _i_pw _i_gid GROUPMEM +fi + +# We search for: +# - world/group-writable directories in fpath not owned by root and the user +# - parent-directories of directories in fpath that are world/group-writable +# and not owned by root and the user (that would allow someone to put a +# digest file for one of the directories into the parent directory) +# - digest files for one of the directories in fpath not owned by root and +# the user +# - and for files in directories from fpath not owned by root and the user +# (including zwc files) + +if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]; then + _i_wdirs=( ${^fpath}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) + ${^fpath:h}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) ) +else + _i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) + ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) ) +fi + +if [[ -f /etc/debian_version ]] +then +_i_ulwdirs=( ${(M)_i_wdirs:#/usr/local/*} ) +_i_wdirs=( ${_i_wdirs:#/usr/local/*} ${^_i_ulwdir}(Nf:g+ws:^g:staff:,f:o+w:,^u0) ) +fi + +_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N-^u0u${EUID}) ) +_i_wfiles=( ${^fpath}/^([^_]*|*~)(N-^u0u${EUID}) ) + +case "${#_i_wdirs}:${#_i_wfiles}" in +(0:0) _i_q= ;; +(0:*) _i_q=files ;; +(*:0) _i_q=directories ;; +(*:*) _i_q='directories and files' ;; +esac + +if [[ -n "$_i_q" ]]; then + [[ $_i_fail == verbose ]] && { + print There are insecure ${_i_q}: 1>&2 + print -l - $_i_wdirs $_i_wfiles + } + return 1 +fi +return 0 + +} # Define and then call + +compaudit "$@" |