Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: compinit trusts .zcompdump even when it's owned by a different user?

On Wed, 06 Jan 2016 01:58:55 +0000
Nick Irvine <nfirvine@xxxxxxxxxxxx> wrote:
> This may be a bug or misfeature in zsh, but I don't know it that well and I
> may be misunderstanding.
> compinit (the function that initializes completions) runs compaudit to
> enforce a security model whereby it will only load completion functions
> from directories in your $fpath that are considered "secure" (owned by root
> or me, not world-writable, etc.). It will warn the user about insecure
> paths and prompt to either skip them or abort. That's all well and good.
> It creates a cache of the results at ~/.zcompdump. AFAICT, it is only
> invalidated (i.e., deleted) *manually*.

It's updated automatically, but never invalidated automatically.

> I'm not entirely clear what's in the cache, so I can't say if this is
> really a big security issue. But, at the very least, compinit will consider
> the cache valid even if it's owned by a different user, thereby avoiding
> loading completion functions that *are* valid for the current user but
> *weren't* for the previous one.

The standard fix for this is to point different users at different
files.  Run compinit with the -d option, e.g.

compinit -d ~/.compdump_${USER}

This is the only way you're going to have two users in the same area
with the same basic environment (home directory in particular)
co-existing (regardless of compaudit).

The security issue is a separate one and I don't have a glib answer to
that.  I think the assumption has been the dump file, unlike the
contents of your $fpath, will always be written in an area to which no
one other than you and the superuser has access, unless you've
explicitly given it to someone.  Certainly, as currently implemented,
compaudit is really there to check for zsh functions you don't want to
autoload owing to the fact that $fpath might point at anything --- not as
a security check for files in your own area, which is a whole different
ball game.  If you're worried about the dump file, why are .zshrc or
.zshenv, typically in the same area, not even more of a worry?