Insecure completion handler added.
A new "lib/compfix.zsh" script defining a new handle_completion_insecurities() function has been added, which handles insecure completion directories by notifying users of said insecurities and moving away all existing completion caches to a temporary directory. While intended to be called at startup, this function is generally callable at any time (e.g., for testing).
This commit is contained in:
parent
3ea3384186
commit
dcb175d430
60
lib/compfix.zsh
Normal file
60
lib/compfix.zsh
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
# Handle completions insecurities (i.e., completion-dependent directories with
|
||||||
|
# insecure ownership or permissions) by:
|
||||||
|
#
|
||||||
|
# * Human-readably notifying the user of these insecurities.
|
||||||
|
# * Moving away all existing completion caches to a temporary directory. Since
|
||||||
|
# any of these caches may have been generated from insecure directories, they
|
||||||
|
# are all suspect now. Failing to do so typically causes subsequent compinit()
|
||||||
|
# calls to fail with "command not found: compdef" errors. (That's bad.)
|
||||||
|
function handle_completion_insecurities() {
|
||||||
|
# List of the absolute paths of all unique insecure directories, split on
|
||||||
|
# newline from compaudit()'s output resembling:
|
||||||
|
#
|
||||||
|
# There are insecure directories:
|
||||||
|
# /usr/share/zsh/site-functions
|
||||||
|
# /usr/share/zsh/5.0.6/functions
|
||||||
|
# /usr/share/zsh
|
||||||
|
# /usr/share/zsh/5.0.6
|
||||||
|
#
|
||||||
|
# Since the ignorable first line is printed to stderr and thus not captured,
|
||||||
|
# stderr is squelched to prevent this output from leaking to the user.
|
||||||
|
local -aU insecure_dirs
|
||||||
|
insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} )
|
||||||
|
|
||||||
|
# If no such directories exist, get us out of here.
|
||||||
|
if (( ! ${#insecure_dirs} )); then
|
||||||
|
print "[oh-my-zsh] No insecure completion-dependent directories detected."
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
# List ownership and permissions of all insecure directories.
|
||||||
|
print "[oh-my-zsh] Insecure completion-dependent directories detected:"
|
||||||
|
ls -ld "${(@)insecure_dirs}"
|
||||||
|
print "[oh-my-zsh] For safety, completions will be disabled until you manually fix all"
|
||||||
|
print "[oh-my-zsh] insecure directory permissions and ownership and restart oh-my-zsh."
|
||||||
|
print "[oh-my-zsh] See the above list for directories with group or other writability.\n"
|
||||||
|
|
||||||
|
# Locally enable the "NULL_GLOB" option, thus removing unmatched filename
|
||||||
|
# globs from argument lists *AND* printing no warning when doing so. Failing
|
||||||
|
# to do so prints an unreadable warning if no completion caches exist below.
|
||||||
|
setopt local_options null_glob
|
||||||
|
|
||||||
|
# List of the absolute paths of all unique existing completion caches.
|
||||||
|
local -aU zcompdump_files
|
||||||
|
zcompdump_files=( "${ZSH_COMPDUMP}"(.) "${ZDOTDIR:-${HOME}}"/.zcompdump* )
|
||||||
|
|
||||||
|
# Move such caches to a temporary directory.
|
||||||
|
if (( ${#zcompdump_files} )); then
|
||||||
|
# Absolute path of the directory to which such files will be moved.
|
||||||
|
local ZSH_ZCOMPDUMP_BAD_DIR="${ZSH_CACHE_DIR}/zcompdump-bad"
|
||||||
|
|
||||||
|
# List such files first.
|
||||||
|
print "[oh-my-zsh] Insecure completion caches also detected:"
|
||||||
|
ls -l "${(@)zcompdump_files}"
|
||||||
|
|
||||||
|
# For safety, move rather than permanently remove such files.
|
||||||
|
print "[oh-my-zsh] Moving to \"${ZSH_ZCOMPDUMP_BAD_DIR}/\"...\n"
|
||||||
|
mkdir -p "${ZSH_ZCOMPDUMP_BAD_DIR}"
|
||||||
|
mv "${(@)zcompdump_files}" "${ZSH_ZCOMPDUMP_BAD_DIR}/"
|
||||||
|
fi
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user