WezM.net The weblog of Wesley Moore

22Sep/086

zsh, Cygwin and Insecure Directories

In order to cope with having to use Windows at work I run Cygwin. My shell of choice is zsh. For whatever reason the Cygwin package of zsh installs with a serious of directories that the zsh completion system deems to be insecure and it makes sure you know this. Each time a new shell is opened (in my case through a Windows native rxvt terminal) I would receive the following warning:

Ignore insecure directories and continue [ny]?

Pressing 'y' becomes a bit tedious after a while so I decided to track down these insecure directories and fix them.

man zshcompsys reveals the following about the security check:

For security reasons compinit also checks if the completion system
would use files not owned by root or by the current user, or files in
directories that are world- or group-writable or that are not owned by
root or by the current user. If such files or directories are found,
compinit will ask if the completion system should really be used. To
avoid these tests and make all files found be used without asking, use
the option -u, and to make compinit silently ignore all insecure files
and directories use the option -i. This security check is skipped
entirely when the -C option is given.

The security check can be retried at any time by running the function
compaudit.

Running compaudit revealed the following:
% compaudit
There are insecure directories:
/usr/share/zsh/site-functions
/usr/share/zsh/4.3.4/functions
/usr/share/zsh
/usr/share/zsh/4.3.4

Examining the permissions on these directories showed they were all group writable.

% ls -ld /usr/share/zsh/site-functions
drwxrwx---+ 2 wmoore mkgroup-l-d 0 Sep 4 10:54 /usr/share/zsh/site-functions

Stripping them of the group write permission fixed the problem and made starting a new shell a little more pleasant.

% chmod g-w /usr/share/zsh/site-functions /usr/share/zsh/4.3.4/functions /usr/share/zsh /usr/share/zsh/4.3.4
% compaudit
%

Update: kylexlau provides this one line solution for correcting to permissions on each of the directories that compaudit returns:
compaudit | xargs chmod g-w

Related Posts

Filed under: Tips, UNIX, Windows Leave a comment
Comments (6) Trackbacks (0)
  1. Brad Wilson
    October 8th, 2008 - 07:51

    That worked for me. Thanks for the tip.

  2. zzapper
    January 5th, 2009 - 10:09

    Thanks this solution worked for me , but I had to change it to

    chmod 644 /usr/share/zsh/4.3.9/functions

  3. kylexlau
    January 9th, 2009 - 19:04

    Thank you.

    we can run a command like this:
    $ compaudit | xargs chmod g-w

  4. broli
    July 15th, 2009 - 03:32

    Thanks for this post!!

    i google it each time i install/update cygwin and the permisions are reset :P

  5. Wes
    July 15th, 2009 - 08:44

    Great, glad you find it useful. :-)

  6. Jeffrey
    September 15th, 2009 - 15:51

    Fixed the issue for me too. Thanks for the post


Leave a comment


Trackbacks are disabled.

« Pimping Vim on Windows Update Expectations »

Recent Comments

Categories

Links

Archives

Tags

adaptive atom awk bash benchmark books cake consolas core-audio debian decoder delivery expand feed font fonts git glob gripe installer iPhone ipod Linux mad melbourne microsoft mp3 mpg123 music package pocket-reference rss ruby script sed shell smoothing snow-leopard textmate title tux UNIX uri-scheme variable virtualbox

Meta

Contact