Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [FEATURE][PATCH] Complete local executables with ./ prefix, if prefix-needed is false

At 16:50 -0800 07 Dec 2021, Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx> wrote:
On Tue, Dec 7, 2021 at 4:23 PM Aaron Schrab <aaron@xxxxxxxxxx> wrote:

The already existing uses of `prefix-needed` are ones that I don't think
setting it to false would cause any serious problems. But for this I
think it's fairly dangerous

Hm.  I haven't applied the patch to see what effect it has, but it appears
it would cause the "./" to be prefixed onto the command word?  If so,
there's visible feedback; if not, the danger would be of invoking a command
that's in $path instead of the intended local executable.

So I'm not strongly concerned about danger; what is the behavior you'd find

My main concern is if someone would be in the habit of doing command completion and then hitting enter without looking at the results. If done when there's a typo in the prefix that was used it could complete to something from an untrusted directory instead.

Yes, this requires a few things to go wrong in just the right way for it to happen. But enabling this option would generally be a one-time thing for a user, and they may not consider this type of case at the time, and after awhile even forget about it.

Messages sorted by: Reverse Date, Date, Thread, Author