From da395c583770b466b5ba83c37d313a7b1c0024c9 Mon Sep 17 00:00:00 2001 From: leycec Date: Sat, 11 Jul 2015 00:52:54 -0400 Subject: [PATCH] Secure umask enforced during installation. For safety, a umask of 022 prohibiting both group and other writability is now enforced during OMZ installation. In theory, this should reduce the likelihood of subsequent compinit() failures due to insecure directory permissions under all platforms except for default Cygwin installations (in which Windows ACLs override POSIX umasks). --- tools/install.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/install.sh b/tools/install.sh index c83a6f23d..405f461e9 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -9,6 +9,13 @@ if [ -d "$ZSH" ]; then exit fi +# Prevent the cloned repository from having insecure permissions. Failing to do +# so causes compinit() calls to fail with "command not found: compdef" errors +# for users with insecure umasks (e.g., "002", allowing group writability). Note +# that this will be ignored under Cygwin by default, as Windows ACLs take +# precedence over umasks except for filesystems mounted with option "noacl". +umask g-w,o-w + echo "\033[0;34mCloning Oh My Zsh...\033[0m" hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || { echo "git not installed"