From da395c583770b466b5ba83c37d313a7b1c0024c9 Mon Sep 17 00:00:00 2001
From: leycec <leycec@gmail.com>
Date: Sat, 11 Jul 2015 00:52:54 -0400
Subject: [PATCH] Secure umask enforced during installation.

For safety, a umask of 022 prohibiting both group and other writability is now
enforced during OMZ installation. In theory, this should reduce the likelihood
of subsequent compinit() failures due to insecure directory permissions under
all platforms except for default Cygwin installations (in which Windows ACLs
override POSIX umasks).
---
 tools/install.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/install.sh b/tools/install.sh
index c83a6f23..405f461e 100755
--- a/tools/install.sh
+++ b/tools/install.sh
@@ -9,6 +9,13 @@ if [ -d "$ZSH" ]; then
   exit
 fi
 
+# Prevent the cloned repository from having insecure permissions. Failing to do
+# so causes compinit() calls to fail with "command not found: compdef" errors
+# for users with insecure umasks (e.g., "002", allowing group writability). Note
+# that this will be ignored under Cygwin by default, as Windows ACLs take
+# precedence over umasks except for filesystems mounted with option "noacl".
+umask g-w,o-w
+
 echo "\033[0;34mCloning Oh My Zsh...\033[0m"
 hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || {
   echo "git not installed"