Zsh Mailing List Archive
Messages sorted by:
Re: autocompletion is broken in restricted shell
- X-seq: zsh-workers 41082
- From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Re: autocompletion is broken in restricted shell
- Date: Tue, 9 May 2017 22:02:47 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:date:in-reply-to:comments:references:to:subject :mime-version; bh=sFaDNAESfvGIAtJTTsTIsMqNYK2M/UW9/cYFSN1/G5w=; b=CCl/c+HI/oWdNA+FcqhAir12LWAU5JKrj+aSoHg4IJ8gvBQaTOdZc2p2WQkyd16ou0 cpZb8uF7fbZ4khioI5XfauXJUAkyekvy+m0Q0kKJ8Utmr4bl5P7GQL6TixTlw9WQBzni NCBajjmOlna6uj65NVImuDG+DhrsjsWirnIVdiky0m+niQnDH/C6zltVa7dsZHSSLKDq CYVTumdaZftECRsDXfDex9N51hU4RDumHzNgoR+bO8D2wsnDqezcUkdzHhK+Exs597sH fm+H8Yr1gh+9OKjiRJEL8eut3Rc20ivI2NbXoUV48L15Zf7iPCrx93hEgNq/wfmnF4jn e/Fg==
- In-reply-to: <11381B06-E104-4785-8BB7-AC5E5B0296F0@nexenta.com>
- List-help: <mailto:email@example.com>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:firstname.lastname@example.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- References: <11381B06-E104-4785-8BB7-AC5E5B0296F0@nexenta.com>
I know Peter already committed the patch included with this, but I think
it's worth revisiting:
On May 8, 11:38am, Jan Kryl wrote:
} after we updated zsh to 5.3 autocompletion stopped to work for us in
} restricted shell. This is mainly due to "38692: IFS can't be changed
} in restricted mode".
} I suppose there is a good reason why setting IFS is not allowed in
} restricted mode
If you look at workers/38692 there is a URL linking to a security exploit
that is made possible by changing $IFS.
} However at least I would like to fix another thing which breaks
} autocompletion and that is using write redirections in autocompletion
} code. That can be avoided by using 2>&- instead of 2>/dev/null.
As I said in workers/41075 I don't think this is useful. It also is
applicable only in restricted mode. Looking again at workers/38692
>> I don't think we ever expect the completion system to work properly
>> in restricted mode, do we? I would generally expect that any
>> environment involving functions other than extremely trivial ones
>> can't rely on restricted mode.
If we're already admitting that compsys is too complex to be reliable
in restricted mode, I think we should not have applied a patch that
only matters in restricted mode and that might cause spurious errors
in the far more common case.
Messages sorted by: