Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Fish-like autosuggestions



On Wed, Oct 30, 2013 at 1:25 PM, Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>wrote:

> I have some concerns about the client/daemon model (for example what
> prevents a malicious program from connecting to the daemon and sending
> input that would cause the zpty shell to execute a command?) but I
> haven't studied it very closely.
>

I dont understand how a zpty instance could be accessed from outside the
process that started it(I'm assuming its not accessible) but it shouldn't
be possible run commands as the daemon never sends any input that could
cause 'accept-line' to be run. I would also use the following arguments to
defend the security of the model:

1 - There's one daemon per user and the socket is writable only by the user
that started the daemon
2 - The socket lives in a user-restricted (700) temporary directory
3 - If there's malicious code running in the user context, why would it
need to connect to the daemon or a pty in order to damage the system?


> Since you're already doing "zle recursive-edit", you might want to look
> into creating your own keymap instead of changing widget bindings in
> the main keymap.  There are some examples and helper code for this in
> Functions/Zle/keymap+widget in the distribution.
>

I've been playing with keymap+widget but I'm still deciding whether it is
the best solution for the following reasons:

- I'm only using recusive-edit because I couldn't do asynchronous updates
to the zle RBUFFER using 'zle -F'(I started from the 'predict-on' code)
- Sometimes I have to deactivate the autosuggestions feature and
consequently some of the widget hooks(eg: editing the middle of the line or
in vi normal mode)

With the current issues in mind I have a few more questions:

- Is it possible to update the zle RBUFFER from outside a widget? The hook
set with 'zle -F' was being executed outside recursive-edit but it couldnt
modify the RBUFFER variable in that case. In the IRC channel Valodim
mentioned that the hook was not being executed inside zle's context. If so,
is there a way to enter zle's context from a hook set with 'zle -F' ?
- Can the keymap+widget feature be used outside recursive-edit? From what I
understood it will be in effect whenever a [keymap]+[widget] function is
defined and [keymap] is active, if thats the case I can simply switch
keymaps with 'zle -K [keymap]' whenever I need a set of widget hooks to be
active right?
- Whats the best way to modify RBUFFER before a completion widget is
executed? I've tried the comppostfuncs but the RBUFFER variable is
read-only in that context.


Messages sorted by: Reverse Date, Date, Thread, Author