From 77b924b8394344175aab0c4d78bec670ef721d93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Cornell=C3=A0?= Date: Sat, 26 May 2018 21:23:35 +0200 Subject: [PATCH 1/2] Give more helpful message and disable purge of caches This error message will give information on what exactly has happened and how to either solve ownership and permissions or disable the check entirely. Also gets rid of the purge of compinit caches since with the current logic insecure completion directories are ignored and therefore haven't tainted the cached files. --- lib/compfix.zsh | 44 ++++++++++++++------------------------------ 1 file changed, 14 insertions(+), 30 deletions(-) diff --git a/lib/compfix.zsh b/lib/compfix.zsh index 208aaadb1..68decc1ed 100644 --- a/lib/compfix.zsh +++ b/lib/compfix.zsh @@ -2,10 +2,6 @@ # insecure ownership or permissions) by: # # * Human-readably notifying the user of these insecurities. -# * Moving away all existing completion caches to a temporary directory. Since -# any of these caches may have been generated from insecure directories, they -# are all suspect now. Failing to do so typically causes subsequent compinit() -# calls to fail with "command not found: compdef" errors. (That's bad.) function handle_completion_insecurities() { # List of the absolute paths of all unique insecure directories, split on # newline from compaudit()'s output resembling: 
@@ -22,39 +18,27 @@ function handle_completion_insecurities() { insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} ) # If no such directories exist, get us out of here. - if (( ! ${#insecure_dirs} )); then - print "[oh-my-zsh] No insecure completion-dependent directories detected." - return - fi + (( ! ${#insecure_dirs} )) && return # List ownership and permissions of all insecure directories. print "[oh-my-zsh] Insecure completion-dependent directories detected:" ls -ld "${(@)insecure_dirs}" - print "[oh-my-zsh] For safety, completions will be disabled until you manually fix all" - print "[oh-my-zsh] insecure directory permissions and ownership and restart oh-my-zsh." - print "[oh-my-zsh] See the above list for directories with group or other writability.\n" - # Locally enable the "NULL_GLOB" option, thus removing unmatched filename - # globs from argument lists *AND* printing no warning when doing so. Failing - # to do so prints an unreadable warning if no completion caches exist below. - setopt local_options null_glob + cat < Date: Sat, 26 May 2018 21:26:49 +0200 Subject: [PATCH 2/2] Always load secure completion directories --- oh-my-zsh.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/oh-my-zsh.sh b/oh-my-zsh.sh index c0e2ba8f6..72527362f 100644 --- a/oh-my-zsh.sh +++ b/oh-my-zsh.sh @@ -63,15 +63,14 @@ if [ -z "$ZSH_COMPDUMP" ]; then fi if [[ $ZSH_DISABLE_COMPFIX != true ]]; then - # If completion insecurities exist, warn the user without enabling completions. + # If completion insecurities exist, warn the user if ! compaudit &>/dev/null; then - # This function resides in the "lib/compfix.zsh" script sourced above. handle_completion_insecurities - # Else, enable and cache completions to the desired file. - else - compinit -d "${ZSH_COMPDUMP}" fi + # Load only from secure directories + compinit -i -d "${ZSH_COMPDUMP}" else + # If the user wants it, load from all found directories compinit -u -d "${ZSH_COMPDUMP}" fi
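Review bot: The comment on the `else` branch of oh-my-zsh.sh, `# If the user wants it, load from all found directories`, understates what `ZSH_DISABLE_COMPFIX=true` turns off. `compinit -u` skips the ownership and permission test, so completion functions are also loaded from directories that are group- or world-writable or owned by someone other than root or the current user, and anyone able to write there gets code run in the user's shell. I would say so next to the call, e.g. `# ZSH_DISABLE_COMPFIX=true: no audit; compinit -u also loads completions from group/world-writable or foreign-owned directories`. Separately, the `if ! compaudit &>/dev/null` guard looks redundant: `handle_completion_insecurities` runs `compaudit` itself and, after patch 1/2, returns silently on an empty list, so calling it unconditionally would save one audit per shell start. Both branches also write the same `${ZSH_COMPDUMP}`, so it is worth confirming that a dump produced under `-u` is rebuilt rather than reused once the check is switched back on, since patch 1/2 drops the cache purge.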