summaryrefslogtreecommitdiff
path: root/lib/compfix.zsh
diff options
context:
space:
mode:
Diffstat (limited to 'lib/compfix.zsh')
-rw-r--r--lib/compfix.zsh44
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/compfix.zsh b/lib/compfix.zsh
new file mode 100644
index 000000000..b09b283f2
--- /dev/null
+++ b/lib/compfix.zsh
@@ -0,0 +1,44 @@
+# Handle completions insecurities (i.e., completion-dependent directories with
+# insecure ownership or permissions) by:
+#
+# * Human-readably notifying the user of these insecurities.
+function handle_completion_insecurities() {
+ # List of the absolute paths of all unique insecure directories, split on
+ # newline from compaudit()'s output resembling:
+ #
+ # There are insecure directories:
+ # /usr/share/zsh/site-functions
+ # /usr/share/zsh/5.0.6/functions
+ # /usr/share/zsh
+ # /usr/share/zsh/5.0.6
+ #
+ # Since the ignorable first line is printed to stderr and thus not captured,
+ # stderr is squelched to prevent this output from leaking to the user.
+ local -aU insecure_dirs
+ insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} )
+
+ # If no such directories exist, get us out of here.
+ [[ -z "${insecure_dirs}" ]] && return
+
+ # List ownership and permissions of all insecure directories.
+ print "[oh-my-zsh] Insecure completion-dependent directories detected:"
+ ls -ld "${(@)insecure_dirs}"
+
+ cat <<EOD
+
+[oh-my-zsh] For safety, we will not load completions from these directories until
+[oh-my-zsh] you fix their permissions and ownership and restart zsh.
+[oh-my-zsh] See the above list for directories with group or other writability.
+
+[oh-my-zsh] To fix your permissions you can do so by disabling
+[oh-my-zsh] the write permission of "group" and "others" and making sure that the
+[oh-my-zsh] owner of these directories is either root or your current user.
+[oh-my-zsh] The following command may help:
+[oh-my-zsh] compaudit | xargs chmod g-w,o-w
+
+[oh-my-zsh] If the above didn't help or you want to skip the verification of
+[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
+[oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.
+
+EOD
+}
generated by cgit v1.2.3-70-g09d2 (git 2.48.1) at 2025-02-09 08:22:23 +0000