mirror of
				git://git.code.sf.net/p/zsh/code
				synced 2025-10-25 05:10:28 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			130 lines
		
	
	
	
		
			4.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			130 lines
		
	
	
	
		
			4.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| # So that this file can also be read with `.' or `source' ...
 | |
| compaudit() {                           # Define and then call
 | |
| 
 | |
| # Audit the fpath to assure that it contains all the directories needed by
 | |
| # the completion system, and that those directories are at least unlikely
 | |
| # to contain dangerous files.  This is far from perfect, as the modes or
 | |
| # ownership of files or directories might change between the time of the
 | |
| # audit and the time the function is executed.
 | |
| 
 | |
| # This function is designed to be called from compinit, which assumes that
 | |
| # it is in the same directory, i.e., it can be autoloaded from the initial
 | |
| # fpath as compinit was.  Most local parameter names in this function must
 | |
| # therefore be the same as those used in compinit.
 | |
| 
 | |
| emulate -L zsh
 | |
| setopt extendedglob
 | |
| 
 | |
| # The positional parameters are the directories to check, else fpath.
 | |
| if (( $# )); then
 | |
|   local _compdir=''
 | |
| elif (( $#fpath == 0 )); then
 | |
|   print 'compaudit: No directories in $fpath, cannot continue' 1>&2
 | |
|   return 1
 | |
| else
 | |
|   set -- $fpath
 | |
| fi
 | |
| 
 | |
| # _i_check is defined by compinit; used here as a test for whether this
 | |
| # function is running standalone or was called by compinit.  If called
 | |
| # by compinit, we use parameters that are defined in compinit's scope,
 | |
| # otherwise we make them local here.
 | |
| (( $+_i_check )) || {
 | |
|   local _i_q _i_line _i_file _i_fail=verbose
 | |
|   local -a _i_files _i_addfiles _i_wdirs _i_wfiles
 | |
|   local -a -U +h fpath
 | |
| }
 | |
| 
 | |
| fpath=( $* )
 | |
| 
 | |
| # _compdir may be defined by the user; see the compinit documentation.
 | |
| # If it isn't defined, we want it to point somewhere sensible, but the
 | |
| # user is allowed to set it to empty to bypass the check below.
 | |
| (( $+_compdir )) || {
 | |
|   local _compdir=${fpath[(r)*/$ZSH_VERSION/*]}
 | |
|   [[ -z $_compdir ]] && _compdir=$fpath[1]
 | |
|   ### [[ -d $_compdir/../Base ]] && _compdir=${_compdir:h}
 | |
| }
 | |
| 
 | |
| _i_wdirs=()
 | |
| _i_wfiles=()
 | |
| 
 | |
| _i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) )
 | |
| if [[ -n $_compdir ]]; then
 | |
|   if [[ $#_i_files -lt 20 || $_compdir = */Base || -d $_compdir/Base ]]; then
 | |
|     # Too few files: we need some more directories, or we need to check
 | |
|     # that all directories (not just Base) are present.
 | |
|     _i_addfiles=()
 | |
|     if [[ $_compdir = */Base ]]; then
 | |
|       # Add all the Completion subdirectories
 | |
|       _i_addfiles=(${_compdir:h}/*(/))
 | |
|     elif [[ -d $_compdir/Base ]]; then
 | |
|       # Likewise
 | |
|       _i_addfiles=(${_compdir}/*(/))
 | |
|     fi
 | |
|     for _i_line in {1..$#i_addfiles}; do
 | |
|       _i_file=${_i_addfiles[$_i_line]}
 | |
|       [[ -d $_i_file && -z ${fpath[(r)$_i_file]} ]] ||
 | |
|         _i_addfiles[$_i_line]=
 | |
|     done
 | |
|     fpath=($fpath $_i_addfiles)
 | |
|     _i_files=( ${^~fpath:/.}/^([^_]*|*~|*.zwc)(N) )
 | |
|   fi
 | |
| fi
 | |
| 
 | |
| [[ $_i_fail == use ]] && return 0
 | |
| 
 | |
| # RedHat Linux "per-user groups" check.  This is tricky, because it's very
 | |
| # difficult to tell whether the sysadmin has put someone else into your
 | |
| # "private" group (e.g., via the default group field in /etc/passwd, or
 | |
| # by NFS group sharing with an untrustworthy machine).  So we must assume
 | |
| # that this has not happened, and pick the best group.
 | |
| 
 | |
| local GROUP GROUPMEM _i_pw _i_gid
 | |
| while IFS=: read GROUP _i_pw _i_gid GROUPMEM; do
 | |
|   if (( UID == EUID )); then
 | |
|     [[ $GROUP == $LOGNAME ]] && break
 | |
|   else
 | |
|     (( _i_gid == EGID )) && break       # Somewhat arbitrary
 | |
|   fi
 | |
| done < /etc/group
 | |
| 
 | |
| # We search for:
 | |
| # - world/group-writable directories in fpath not owned by root and the user
 | |
| # - parent-directories of directories in fpath that are world/group-writable
 | |
| #   and not owned by root and the user (that would allow someone to put a
 | |
| #   digest file for one of the directories into the parent directory)
 | |
| # - digest files for one of the directories in fpath not owned by root and
 | |
| #   the user
 | |
| # - and for files in directories from fpath not owned by root and the user
 | |
| #   (including zwc files)
 | |
| 
 | |
| if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]; then
 | |
|   _i_wdirs=( ${^fpath}(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID})
 | |
|              ${^fpath}/..(Nf:g+w:^g:${GROUP}:,f:o+w:,^u0u${EUID}) )
 | |
| else
 | |
|   _i_wdirs=( ${^fpath}(Nf:g+w:,f:o+w:,^u0u${EUID})
 | |
|              ${^fpath}/..(Nf:g+w:,f:o+w:,^u0u${EUID}) )
 | |
| fi
 | |
| _i_wdirs=( $_i_wdirs ${^fpath}.zwc^([^_]*|*~)(N^u0u${EUID}) )
 | |
| _i_wfiles=( ${^fpath}/^([^_]*|*~)(N^u0u${EUID}) )
 | |
| 
 | |
| case "${#_i_wdirs}:${#_i_wfiles}" in
 | |
| (0:0) _i_q= ;;
 | |
| (0:*) _i_q=files ;;
 | |
| (*:0) _i_q=directories ;;
 | |
| (*:*) _i_q='directories and files' ;;
 | |
| esac
 | |
| 
 | |
| if [[ -n "$_i_q" ]]; then
 | |
|   [[ $_i_fail == verbose ]] && {
 | |
|     print There are insecure ${_i_q}: 1>&2
 | |
|     print -l - $_i_wdirs $_i_wfiles
 | |
|   }
 | |
|   return 1
 | |
| fi
 | |
| return 0
 | |
| 
 | |
| }                                       # Define and then call
 | |
| 
 | |
| compaudit "$@"
 |