Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: compaudit slow with many groups



On 19 Mar, Danek Duvall wrote:

> work?  I'm not positive this is the right set of tests, but if not,
> there ought to be some similar way of reducing the overhead of the
> function.  Is there any system where getent can't take two arguments?

At the top of compaudit, it is doing:
  [[ -x /usr/bin/getent ]] || getent() { cat /etc/$1 }
so that function replacement won't handle two argumemts. The patch
below allows it to. I'm fairly sure using the two arguments is
otherwise portable. Clearly this function could still be better (NIS
etc is not handled).

I've never been entirely happy with the compaudit stuff. It takes time
to run, most people who know about it add -u to compinit and it isn't
as if the shell refuses to run world writable programs found in the
path. If a security check is necessary, would it not be better done
from C code when the, function/whatever is actually loaded. It is
equally applicable to stuff picked up from $path and $module_path as
$fpath.

Also, would it not be better if compinit also listed the insecure files
or directed users to run compaudit directly. Otherwise it isn't exactly
obvious which files are insecure.

Oliver

Index: Completion/compaudit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/compaudit,v
retrieving revision 1.7
diff -u -r1.7 compaudit
--- Completion/compaudit	22 Mar 2004 19:59:26 -0000	1.7
+++ Completion/compaudit	30 Mar 2004 14:12:18 -0000
@@ -15,7 +15,13 @@
 emulate -L zsh
 setopt extendedglob
 
-[[ -x /usr/bin/getent ]] || getent() { cat /etc/$1 }
+[[ -x /usr/bin/getent ]] || getent() {
+  if [[ $2 = <-> ]]; then
+    grep ":$2:[^:]*$" /etc/$1
+  else
+    grep "^$2:" /etc/$1
+  fi
+}
 
 # The positional parameters are the directories to check, else fpath.
 if (( $# )); then



Messages sorted by: Reverse Date, Date, Thread, Author