diff options
Diffstat (limited to 'Completion/Core')
-rw-r--r-- | Completion/Core/compaudit | 130 |
1 files changed, 0 insertions, 130 deletions
diff --git a/Completion/Core/compaudit b/Completion/Core/compaudit deleted file mode 100644 index 4ea31af58..000000000 --- a/Completion/Core/compaudit +++ /dev/null @@ -1,130 +0,0 @@ -# So that this file can also be read with `.' or `source' ... -compaudit() { # Define and then call - -# Audit the fpath to assure that it contains all the directories needed by -# the completion system, and that those directories are at least unlikely -# to contain dangerous files. This is far from perfect, as the modes or -# ownership of files or directories might change between the time of the -# audit and the time the function is executed. - -# This function is designed to be called from compinit, which assumes that -# it is in the same directory, i.e., it can be autoloaded from the initial -# fpath as compinit was. Most local parameter names in this function must -# therefore be the same as those used in compinit. - -emulate -L zsh -setopt extendedglob - -# The positional parameters are the directories to check, else fpath. -if (( $# )); then - local _compdir='' -elif (( $#fpath == 0 )); then - print 'compaudit: No directories in $fpath, cannot continue' 1>&2 - return 1 -else - set -- $fpath -fi - -# _i_check is defined by compinit; used here as a test for whether this -# function is running standalone or was called by compinit. If called -# by compinit, we use parameters that are defined in compinit's scope, -# otherwise we make them local here. -(( $+_i_check )) || { - local _i_q _i_line _i_file _i_fail=verbose - local -a _i_files _i_addfiles _i_wdirs _i_wfiles - local -a -U +h fpath -} - -fpath=( $* ) - -# _compdir may be defined by the user; see the compinit documentation. -# If it isn't defined, we want it to point somewhere sensible, but the -# user is allowed to set it to empty to bypass the check below. -(( $+_compdir )) || { - local _compdir=${fpath[(r)*/$ZSH_VERSION/*]} - [[ -z $_compdir ]] && _compdir=$fpath[1] - [[ -d $_compdir/../Core ]] && _compdir=${_compdir:h} -} - -_i_wdirs=() -_i_wfiles=() - -_i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) ) -if [[ -n $_compdir ]]; then - if [[ $#_i_files -lt 20 || $_compdir = */Core || -d $_compdir/Core ]]; then - # Too few files: we need some more directories, or we need to check - # that all directories (not just Core) are present. - _i_addfiles=() - if [[ $_compdir = */Core ]]; then - # Add all the Completion subdirectories - _i_addfiles=(${_compdir:h}/*(/)) - elif [[ -d $_compdir/Core ]]; then - # Likewise - _i_addfiles=(${_compdir}/*(/)) - fi - for _i_line in {1..$#i_addfiles}; do - _i_file=${_i_addfiles[$_i_line]} - [[ -d $_i_file && -z ${fpath[(r)$_i_file]} ]] || - _i_addfiles[$_i_line]= - done - fpath=($fpath $_i_addfiles) - _i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) ) - fi -fi - -[[ $_i_fail == use ]] && return 0 - -# RedHat Linux "per-user groups" check. This is tricky, because it's very -# difficult to tell whether the sysadmin has put someone else into your -# "private" group (e.g., via the default group field in /etc/passwd, or -# by NFS group sharing with an untrustworthy machine). So we must assume -# that this has not happened, and pick the best group. - -local GROUP GROUPMEM _i_pw _i_gid -while IFS=: read GROUP _i_pw _i_gid GROUPMEM; do - if (( UID == EUID )); then - [[ $GROUP == $LOGNAME ]] && break - else - (( _i_gid == EGID )) && break # Somewhat arbitrary - fi -done < /etc/group - -# We search for: -# - world/group-writable directories in fpath not owned by root and the user -# - parent-directories of directories in fpath that are world/group-writable -# and not owned by root and the user (that would allow someone to put a -# digest file for one of the directories into the parent directory) -# - digest files for one of the directories in fpath not owned by root and -# the user -# - and for files in directories from fpath not owned by root and the user -# (including zwc files) - -if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]; then - _i_wdirs=( ${^fpath}(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID}) - ${^fpath}/..(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID}) ) -else - _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID}) - ${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID}) ) -fi -_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) ) -_i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) ) - -case "${#_i_wdirs}:${#_i_wfiles}" in -(0:0) _i_q= ;; -(0:*) _i_q=files ;; -(*:0) _i_q=directories ;; -(*:*) _i_q='directories and files' ;; -esac - -if [[ -n "$_i_q" ]]; then - [[ $_i_fail == verbose ]] && { - print There are insecure ${_i_q}: 1>&2 - print -l - $_i_wdirs $_i_wfiles - } - return 1 -fi -return 0 - -} # Define and then call - -compaudit "$@" |