From dcb175d4309a41723ebeb561a8089115d9e7126b Mon Sep 17 00:00:00 2001 From: leycec Date: Sat, 11 Jul 2015 01:20:23 -0400 Subject: [PATCH 1/4] Insecure completion handler added. A new "lib/compfix.zsh" script defining a new handle_completion_insecurities() function has been added, which handles insecure completion directories by notifying users of said insecurities and moving away all existing completion caches to a temporary directory. While intended to be called at startup, this function is generally callable at any time (e.g., for testing). --- lib/compfix.zsh | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 lib/compfix.zsh diff --git a/lib/compfix.zsh b/lib/compfix.zsh new file mode 100644 index 000000000..208aaadb1 --- /dev/null +++ b/lib/compfix.zsh @@ -0,0 +1,60 @@ +# Handle completions insecurities (i.e., completion-dependent directories with +# insecure ownership or permissions) by: +# +# * Human-readably notifying the user of these insecurities. +# * Moving away all existing completion caches to a temporary directory. Since +# any of these caches may have been generated from insecure directories, they +# are all suspect now. Failing to do so typically causes subsequent compinit() +# calls to fail with "command not found: compdef" errors. (That's bad.) +function handle_completion_insecurities() { + # List of the absolute paths of all unique insecure directories, split on + # newline from compaudit()'s output resembling: + # + # There are insecure directories: + # /usr/share/zsh/site-functions + # /usr/share/zsh/5.0.6/functions + # /usr/share/zsh + # /usr/share/zsh/5.0.6 + # + # Since the ignorable first line is printed to stderr and thus not captured, + # stderr is squelched to prevent this output from leaking to the user. + local -aU insecure_dirs + insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} ) + + # If no such directories exist, get us out of here. + if (( ! ${#insecure_dirs} )); then + print "[oh-my-zsh] No insecure completion-dependent directories detected." + return + fi + + # List ownership and permissions of all insecure directories. + print "[oh-my-zsh] Insecure completion-dependent directories detected:" + ls -ld "${(@)insecure_dirs}" + print "[oh-my-zsh] For safety, completions will be disabled until you manually fix all" + print "[oh-my-zsh] insecure directory permissions and ownership and restart oh-my-zsh." + print "[oh-my-zsh] See the above list for directories with group or other writability.\n" + + # Locally enable the "NULL_GLOB" option, thus removing unmatched filename + # globs from argument lists *AND* printing no warning when doing so. Failing + # to do so prints an unreadable warning if no completion caches exist below. + setopt local_options null_glob + + # List of the absolute paths of all unique existing completion caches. + local -aU zcompdump_files + zcompdump_files=( "${ZSH_COMPDUMP}"(.) "${ZDOTDIR:-${HOME}}"/.zcompdump* ) + + # Move such caches to a temporary directory. + if (( ${#zcompdump_files} )); then + # Absolute path of the directory to which such files will be moved. + local ZSH_ZCOMPDUMP_BAD_DIR="${ZSH_CACHE_DIR}/zcompdump-bad" + + # List such files first. + print "[oh-my-zsh] Insecure completion caches also detected:" + ls -l "${(@)zcompdump_files}" + + # For safety, move rather than permanently remove such files. + print "[oh-my-zsh] Moving to \"${ZSH_ZCOMPDUMP_BAD_DIR}/\"...\n" + mkdir -p "${ZSH_ZCOMPDUMP_BAD_DIR}" + mv "${(@)zcompdump_files}" "${ZSH_ZCOMPDUMP_BAD_DIR}/" + fi +} From cb55161470e051e520bad388c20e32d43cfca973 Mon Sep 17 00:00:00 2001 From: leycec Date: Tue, 12 May 2015 19:27:51 -0400 Subject: [PATCH 2/4] Completion insecurities handled on startup. Completion-dependent directories with insecure permissions or ownership (e.g., group or other writability) are now detected, reported, and sanitized on OMZ startup rather than unsafely ignored -- which resulted in effectively empty completion caches and obscure compdef() errors resembling "compdef: unknown command or service: git". This fixes long-standing issues #630, #3356, and #3455 and related Babun issues 159, 281, and 322 -- and probably numerous other duplicates. --- oh-my-zsh.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/oh-my-zsh.sh b/oh-my-zsh.sh index ec64c240f..9dde78caa 100644 --- a/oh-my-zsh.sh +++ b/oh-my-zsh.sh @@ -8,6 +8,9 @@ fi # add a function path fpath=($ZSH/functions $ZSH/completions $fpath) +# Load all stock functions (from $fpath files) called below. +autoload -U compaudit compinit + # Set ZSH_CUSTOM to the path where your custom config files # and plugins exists, or else we will use the default custom/ if [[ -z "$ZSH_CUSTOM" ]]; then @@ -64,9 +67,14 @@ if [ -z "$ZSH_COMPDUMP" ]; then ZSH_COMPDUMP="${ZDOTDIR:-${HOME}}/.zcompdump-${SHORT_HOST}-${ZSH_VERSION}" fi -# Load and run compinit -autoload -U compinit -compinit -i -d "${ZSH_COMPDUMP}" +# If completion insecurities exist, warn the user without enabling completions. +if ! compaudit &>/dev/null; then + # This function resides in the "lib/compfix.zsh" script sourced above. + handle_completion_insecurities +# Else, enable and cache completions to the desired file. +else + compinit -d "${ZSH_COMPDUMP}" +fi # Load all of the plugins that were defined in ~/.zshrc for plugin ($plugins); do From da395c583770b466b5ba83c37d313a7b1c0024c9 Mon Sep 17 00:00:00 2001 From: leycec Date: Sat, 11 Jul 2015 00:52:54 -0400 Subject: [PATCH 3/4] Secure umask enforced during installation. For safety, a umask of 022 prohibiting both group and other writability is now enforced during OMZ installation. In theory, this should reduce the likelihood of subsequent compinit() failures due to insecure directory permissions under all platforms except for default Cygwin installations (in which Windows ACLs override POSIX umasks). --- tools/install.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/install.sh b/tools/install.sh index c83a6f23d..405f461e9 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -9,6 +9,13 @@ if [ -d "$ZSH" ]; then exit fi +# Prevent the cloned repository from having insecure permissions. Failing to do +# so causes compinit() calls to fail with "command not found: compdef" errors +# for users with insecure umasks (e.g., "002", allowing group writability). Note +# that this will be ignored under Cygwin by default, as Windows ACLs take +# precedence over umasks except for filesystems mounted with option "noacl". +umask g-w,o-w + echo "\033[0;34mCloning Oh My Zsh...\033[0m" hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || { echo "git not installed" From e8caf22beb8cde69f097382a75f6d1a247625030 Mon Sep 17 00:00:00 2001 From: leycec Date: Sat, 11 Jul 2015 00:54:36 -0400 Subject: [PATCH 4/4] Cygwin-specific "chsh" installation issue fixed. Installation previously assumed the existence of a "chsh" command in the current ${PATH}. Since Cygwin does *NOT* provide this command, installation now tests for the existence of this command before attempting to run it. --- tools/install.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tools/install.sh b/tools/install.sh index 405f461e9..f5836fdf6 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -39,12 +39,17 @@ sed -i -e "/export PATH=/ c\\ export PATH=\"$PATH\" " ~/.zshrc -TEST_CURRENT_SHELL=$(expr "$SHELL" : '.*/\(.*\)') -if [ "$TEST_CURRENT_SHELL" != "zsh" ]; then +# If this user's login shell is not already "zsh", attempt to switch. +if [ "$(expr "$SHELL" : '.*/\(.*\)')" != "zsh" ]; then + # If this platform provides a "chsh" command (not Cygwin), do it, man! + if hash chsh >/dev/null 2>&1; then echo "\033[0;34mTime to change your default shell to zsh!\033[0m" chsh -s $(grep /zsh$ /etc/shells | tail -1) + # Else, suggest the user do so manually. + else + echo "\033[0;34mPlease manually change your default shell to zsh!\033[0m" + fi fi -unset TEST_CURRENT_SHELL echo "\033[0;32m"' __ __ '"\033[0m" echo "\033[0;32m"' ____ / /_ ____ ___ __ __ ____ _____/ /_ '"\033[0m"