1

This may be a bug or misfeature in zsh, but I don't know it that well and I may be misunderstanding.

compinit (the function that initializes completions) runs compaudit to enforce a security model whereby it will only load completion functions from directories in your $fpath that are considered "secure" (owned by root or me, not world-writable, etc.). It will warn the user about insecure paths and prompt to either skip them or abort. That's all well and good.

It creates a cache of the results at ~/.zcompdump. AFAICT, it is only invalidated (i.e., deleted) manually.

I'm not entirely clear what's in the cache, so I can't say if this is really a big security issue. But, at the very least, compinit will consider the cache valid even if it's owned by a different user, thereby avoiding loading completion functions that are valid for the current user but weren't for the previous one.

This is happening to me every time I use sudo -s where my zsh installation is owned by me (OS X homebrew). It writes an incomplete completion cache. Then next shell I start, it loads the busted cache and doesn't see any completions.

Is this my problem? ZSH's? Homebrews?

nfirvine
  • 1,479
  • 12
  • 23
  • `~/` is a shortcut to your home directory, why would a different user be owning a file in your home directory? And how would they be leaving their completions in your home directory? – TessellatingHeckler Jan 06 '16 at 03:09
  • When I sudo, it writes a new cache as root in my home directory (not root's) – nfirvine Jan 06 '16 at 03:12
  • 1
    "When I sudo, it writes a new cache as root in my home directory (not root's)." Of course `SUDO_USER`'s `HOME` is the only reasonable choice, because on a multiuser system there could be multiple sudoers, and having all sudoers share the same cache as root would be a bigger problem. If you don't like that, run a true login root shell: `su -l`. – 4ae1e1 Jan 07 '16 at 08:37
  • 1
    Let's look at the other problem: "It writes an incomplete completion cache. Then next shell I start, it loads the busted cache and doesn't see any completions." I don't know if there's invalidation mechanism in place and I don't bother to test, but look, the cache is 644 with root as owner, so even if zsh wants to rewrite the cache it can't... You should really use `compdump -d some_custom_path` to avoid the clash, and also kill one extra clutter in your homedir. For me the custom path is `${XDG_DATA_HOME:-$HOME/.local/share}/zsh/compdump`. – 4ae1e1 Jan 07 '16 at 08:41
  • @4ae1e1: both good points. You almost need to have a cache for each $USER/$SUDO_USER pair. I think zsh's behaviour could be better. I'm using prezto which runs compinit for me; might need to convince them they need a -d – nfirvine Jan 07 '16 at 17:11
  • 1
    @nfirvine sorin-ionescu has been pretty much inactive on Prezto for the past year, with quite a few legit fixes (some from me) unmerged. I recommend that you fork Prezto. – 4ae1e1 Jan 07 '16 at 17:48
  • @4ae1e1: Huh. He replied briefly to the bug report at least. Problem with that is that I'm using prezto because yadr uses it as a submodule :( Lots of forking to be done. – nfirvine Jan 07 '16 at 18:56
  • 1
    @nfirvine To some bug fix PRs he replied and even said good things, but they weren't merged nevertheless. You get the idea. – 4ae1e1 Jan 07 '16 at 19:03

0 Answers0