1
0
mirror of git://git.code.sf.net/p/zsh/code synced 2024-11-19 13:33:52 +01:00
zsh/Completion/compaudit

131 lines
4.5 KiB
Plaintext
Raw Normal View History

2001-04-02 13:01:33 +02:00
# So that this file can also be read with `.' or `source' ...
compaudit() { # Define and then call
# Audit the fpath to assure that it contains all the directories needed by
# the completion system, and that those directories are at least unlikely
# to contain dangerous files. This is far from perfect, as the modes or
# ownership of files or directories might change between the time of the
# audit and the time the function is executed.
# This function is designed to be called from compinit, which assumes that
# it is in the same directory, i.e., it can be autoloaded from the initial
# fpath as compinit was. Most local parameter names in this function must
# therefore be the same as those used in compinit.
emulate -L zsh
setopt extendedglob
# The positional parameters are the directories to check, else fpath.
if (( $# )); then
local _compdir=''
elif (( $#fpath == 0 )); then
print 'compaudit: No directories in $fpath, cannot continue' 1>&2
return 1
else
set -- $fpath
fi
# _i_check is defined by compinit; used here as a test for whether this
# function is running standalone or was called by compinit. If called
# by compinit, we use parameters that are defined in compinit's scope,
# otherwise we make them local here.
(( $+_i_check )) || {
local _i_q _i_line _i_file _i_fail=verbose
local -a _i_files _i_addfiles _i_wdirs _i_wfiles
local -a -U +h fpath
}
fpath=( $* )
# _compdir may be defined by the user; see the compinit documentation.
# If it isn't defined, we want it to point somewhere sensible, but the
# user is allowed to set it to empty to bypass the check below.
(( $+_compdir )) || {
local _compdir=${fpath[(r)*/$ZSH_VERSION/*]}
[[ -z $_compdir ]] && _compdir=$fpath[1]
2001-04-02 15:04:04 +02:00
### [[ -d $_compdir/../Base ]] && _compdir=${_compdir:h}
2001-04-02 13:01:33 +02:00
}
_i_wdirs=()
_i_wfiles=()
_i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) )
if [[ -n $_compdir ]]; then
2001-04-02 15:04:04 +02:00
if [[ $#_i_files -lt 20 || $_compdir = */Base || -d $_compdir/Base ]]; then
2001-04-02 13:01:33 +02:00
# Too few files: we need some more directories, or we need to check
2001-04-02 15:04:04 +02:00
# that all directories (not just Base) are present.
2001-04-02 13:01:33 +02:00
_i_addfiles=()
if [[ -d $_compdir/Base/Core ]]; then
# Add all the Completion subdirectories (CVS-layout)
_i_addfiles=(${_compdir}/*/*(/))
2001-04-02 15:04:04 +02:00
elif [[ -d $_compdir/Base ]]; then
# Likewise (installation-layout)
2001-04-02 13:01:33 +02:00
_i_addfiles=(${_compdir}/*(/))
fi
for _i_line in {1..$#i_addfiles}; do
_i_file=${_i_addfiles[$_i_line]}
[[ -d $_i_file && -z ${fpath[(r)$_i_file]} ]] ||
_i_addfiles[$_i_line]=
done
fpath=($fpath $_i_addfiles)
_i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) )
fi
fi
[[ $_i_fail == use ]] && return 0
# RedHat Linux "per-user groups" check. This is tricky, because it's very
# difficult to tell whether the sysadmin has put someone else into your
# "private" group (e.g., via the default group field in /etc/passwd, or
# by NFS group sharing with an untrustworthy machine). So we must assume
# that this has not happened, and pick the best group.
local GROUP GROUPMEM _i_pw _i_gid
while IFS=: read GROUP _i_pw _i_gid GROUPMEM; do
if (( UID == EUID )); then
[[ $GROUP == $LOGNAME ]] && break
else
(( _i_gid == EGID )) && break # Somewhat arbitrary
fi
done < /etc/group
# We search for:
# - world/group-writable directories in fpath not owned by root and the user
# - parent-directories of directories in fpath that are world/group-writable
# and not owned by root and the user (that would allow someone to put a
# digest file for one of the directories into the parent directory)
# - digest files for one of the directories in fpath not owned by root and
# the user
# - and for files in directories from fpath not owned by root and the user
# (including zwc files)
if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]; then
_i_wdirs=( ${^fpath}(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID})
${^fpath}/..(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID}) )
else
_i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID})
${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID}) )
fi
_i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) )
_i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) )
case "${#_i_wdirs}:${#_i_wfiles}" in
(0:0) _i_q= ;;
(0:*) _i_q=files ;;
(*:0) _i_q=directories ;;
(*:*) _i_q='directories and files' ;;
esac
if [[ -n "$_i_q" ]]; then
[[ $_i_fail == verbose ]] && {
print There are insecure ${_i_q}: 1>&2
print -l - $_i_wdirs $_i_wfiles
}
return 1
fi
return 0
} # Define and then call
compaudit "$@"