Merge pull request #3889 from leycec/compaudit

lib/compfix.zsh

+# Handle completions insecurities (i.e., completion-dependent directories with
+# insecure ownership or permissions) by:
+#
+# * Human-readably notifying the user of these insecurities.
+# * Moving away all existing completion caches to a temporary directory. Since
+#   any of these caches may have been generated from insecure directories, they
+#   are all suspect now. Failing to do so typically causes subsequent compinit()
+#   calls to fail with "command not found: compdef" errors. (That's bad.)
+function handle_completion_insecurities() {
+  # List of the absolute paths of all unique insecure directories, split on
+  # newline from compaudit()'s output resembling:
+  #
+  #     There are insecure directories:
+  #     /usr/share/zsh/site-functions
+  #     /usr/share/zsh/5.0.6/functions
+  #     /usr/share/zsh
+  #     /usr/share/zsh/5.0.6
+  #
+  # Since the ignorable first line is printed to stderr and thus not captured,
+  # stderr is squelched to prevent this output from leaking to the user. 
+  local -aU insecure_dirs
+  insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} )
+
+  # If no such directories exist, get us out of here.
+  if (( ! ${#insecure_dirs} )); then
+      print "[oh-my-zsh] No insecure completion-dependent directories detected."
+      return
+  fi
+
+  # List ownership and permissions of all insecure directories.
+  print "[oh-my-zsh] Insecure completion-dependent directories detected:"
+  ls -ld "${(@)insecure_dirs}"
+  print "[oh-my-zsh] For safety, completions will be disabled until you manually fix all"
+  print "[oh-my-zsh] insecure directory permissions and ownership and restart oh-my-zsh."
+  print "[oh-my-zsh] See the above list for directories with group or other writability.\n"
+
+  # Locally enable the "NULL_GLOB" option, thus removing unmatched filename
+  # globs from argument lists *AND* printing no warning when doing so. Failing
+  # to do so prints an unreadable warning if no completion caches exist below.
+  setopt local_options null_glob
+
+  # List of the absolute paths of all unique existing completion caches.
+  local -aU zcompdump_files
+  zcompdump_files=( "${ZSH_COMPDUMP}"(.) "${ZDOTDIR:-${HOME}}"/.zcompdump* )
+
+  # Move such caches to a temporary directory.
+  if (( ${#zcompdump_files} )); then
+    # Absolute path of the directory to which such files will be moved.
+    local ZSH_ZCOMPDUMP_BAD_DIR="${ZSH_CACHE_DIR}/zcompdump-bad"
+
+    # List such files first.
+    print "[oh-my-zsh] Insecure completion caches also detected:"
+    ls -l "${(@)zcompdump_files}"
+
+    # For safety, move rather than permanently remove such files.
+    print "[oh-my-zsh] Moving to \"${ZSH_ZCOMPDUMP_BAD_DIR}/\"...\n"
+    mkdir -p "${ZSH_ZCOMPDUMP_BAD_DIR}"
+    mv "${(@)zcompdump_files}" "${ZSH_ZCOMPDUMP_BAD_DIR}/"
+  fi
+}

oh-my-zsh.sh

@@ -8,6 +8,9 @@ fi
 # add a function path
 fpath=($ZSH/functions $ZSH/completions $fpath)
 
+# Load all stock functions (from $fpath files) called below.
+autoload -U compaudit compinit
+
 # Set ZSH_CUSTOM to the path where your custom config files
 # and plugins exists, or else we will use the default custom/
 if [[ -z "$ZSH_CUSTOM" ]]; then
@@ -59,9 +62,14 @@ if [ -z "$ZSH_COMPDUMP" ]; then
   ZSH_COMPDUMP="${ZDOTDIR:-${HOME}}/.zcompdump-${SHORT_HOST}-${ZSH_VERSION}"
 fi
 
-# Load and run compinit
-autoload -U compinit
-compinit -i -d "${ZSH_COMPDUMP}"
+# If completion insecurities exist, warn the user without enabling completions.
+if ! compaudit &>/dev/null; then
+  # This function resides in the "lib/compfix.zsh" script sourced above.
+  handle_completion_insecurities
+# Else, enable and cache completions to the desired file.
+else
+  compinit -d "${ZSH_COMPDUMP}"
+fi
 
 # Load all of the plugins that were defined in ~/.zshrc
 for plugin ($plugins); do

tools/install.sh

@@ -16,6 +16,13 @@ if [ -d "$ZSH" ]; then
   exit
 fi
 
+# Prevent the cloned repository from having insecure permissions. Failing to do
+# so causes compinit() calls to fail with "command not found: compdef" errors
+# for users with insecure umasks (e.g., "002", allowing group writability). Note
+# that this will be ignored under Cygwin by default, as Windows ACLs take
+# precedence over umasks except for filesystems mounted with option "noacl".
+umask g-w,o-w
+
 echo "\033[0;34mCloning Oh My Zsh...\033[0m"
 hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || {
   echo "git not installed"
@@ -41,12 +48,17 @@ export PATH=\"$PATH\"
 " ~/.zshrc > ~/.zshrc-omztemp
 mv -f ~/.zshrc-omztemp ~/.zshrc
 
-TEST_CURRENT_SHELL=$(expr "$SHELL" : '.*/\(.*\)')
-if [ "$TEST_CURRENT_SHELL" != "zsh" ]; then
+# If this user's login shell is not already "zsh", attempt to switch.
+if [ "$(expr "$SHELL" : '.*/\(.*\)')" != "zsh" ]; then
+  # If this platform provides a "chsh" command (not Cygwin), do it, man!
+  if hash chsh >/dev/null 2>&1; then
     echo "\033[0;34mTime to change your default shell to zsh!\033[0m"
     chsh -s $(grep /zsh$ /etc/shells | tail -1)
+  # Else, suggest the user do so manually.
+  else
+    echo "\033[0;34mPlease manually change your default shell to zsh!\033[0m"
+  fi
 fi
-unset TEST_CURRENT_SHELL
 
 echo "\033[0;32m"'         __                                     __   '"\033[0m"
 echo "\033[0;32m"'  ____  / /_     ____ ___  __  __   ____  _____/ /_  '"\033[0m"