Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: autocompletion is broken in restricted shell



I know Peter already committed the patch included with this, but I think
it's worth revisiting:

On May 8, 11:38am, Jan Kryl wrote:
}
} after we updated zsh to 5.3 autocompletion stopped to work for us in
} restricted shell. This is mainly due to "38692: IFS can't be changed
} in restricted mode".
[...]
} I suppose there is a good reason why setting IFS is not allowed in
} restricted mode

If you look at workers/38692 there is a URL linking to a security exploit 
that is made possible by changing $IFS.

} However at least I would like to fix another thing which breaks
} autocompletion and that is using write redirections in autocompletion
} code. That can be avoided by using 2>&- instead of 2>/dev/null.

As I said in workers/41075 I don't think this is useful.  It also is
applicable only in restricted mode.  Looking again at workers/38692
I quote:

>> I don't think we ever expect the completion system to work properly
>> in restricted mode, do we? I would generally expect that any
>> environment involving functions other than extremely trivial ones
>> can't rely on restricted mode.

If we're already admitting that compsys is too complex to be reliable
in restricted mode, I think we should not have applied a patch that
only matters in restricted mode and that might cause spurious errors
in the far more common case.



Messages sorted by: Reverse Date, Date, Thread, Author