Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Update _twisted completion

X-seq: zsh-workers 31022
From: Phil Pennock <zsh-workers+phil.pennock@xxxxxxxxxxxx>
To: "Eric P. Mangold" <eric@xxxxxxxxxxxx>
Subject: Re: Update _twisted completion
Date: Mon, 4 Feb 2013 12:31:56 -0500
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=spodhuis.org; s=d201210; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=F1OoypouiDan1bpk7ymahQRyU6UnLnIzpbrfyy2rInw=; b=yA4ydzIcH+mfk1vIRd/Cu40XSwEvM5l7AMIZ/2QEG66EzVzzcwAFVKBQM5sPMR3JSlnOOi5Z/qPs5ijoGEbTSarT1luOCrFCZ5Vza6jr6EOGfu7Pv7oFc0BZ/mZpPBMxmXEhkPsLJmdAKUahsWGX6cL1eMDyUlteWy3ZKAzoe9A=;
In-reply-to: <20130204164844.GM2279@ragnarok.teratorn.org>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mail-followup-to: "Eric P. Mangold" <eric@xxxxxxxxxxxx>, zsh-workers@xxxxxxx
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <20130203175328.GL2279@ragnarok.teratorn.org> <20130204042609.GA1571@redoubt.spodhuis.org> <20130204164844.GM2279@ragnarok.teratorn.org>

On 2013-02-04 at 11:48 -0500, Eric P. Mangold wrote:
> Other completions parse GNU --help output *shrug*. So I'm not really seeing
> much of a difference here..

Pattern-matching on --help output and extracting strings to offer is
different from evaluating code which can modify the shell environment.
The child process can run anything itself, but that doesn't let it do
things like change $XAUTHORITY and $DISPLAY in the shell, to silently
repoint graphics interactions to a proxy, or set $http_proxy, or
anything else that affects launched processes.  Or changing $SSH_ASKPASS
to a wrapper which steals SSH key passphrases.

Software I really don't trust much gets run under passwordless sudo to
an account where it has no access to my main working account.  (Software
I don't trust at all obviously doesn't get run at all, or if I have no
choice but to run it, then in a VM).

Even without that caution, trust flows down the path from parent to
child processes.  Data coming back up the path should not become _code_
coming back up the path.

When eval happens, it needs to be explicit (eval `ssh-agent -s`) and not
happen because someone hit tab and didn't even ask for a command to be
run.

When both completion function and program ship as part of one project,
at least the completion function on disk can be read and audited and
people can tell what will run inside their shell.

When the code comes from a program, which may be a compiled binary, your
ability to audit and prove what you'll evaluate goes down significantly;
the output might change depending upon the day of the month.

-Phil

Follow-Ups:
- Re: Update _twisted completion
  - From: Eric P. Mangold

References:
- Update _twisted completion
  - From: Eric P. Mangold
- Re: Update _twisted completion
  - From: Phil Pennock
- Re: Update _twisted completion
  - From: Eric P. Mangold

Messages sorted by: Reverse Date, Date, Thread, Author