From: Frank Terbeck <ft@grml.org>
Date: Sat, 25 Mar 2017 16:33:27 +0000 (+0100)
Subject: Handle volatile characters in prompts with promptsubst set
X-Git-Tag: v0.14.0~1
X-Git-Url: http://git.grml.org/?a=commitdiff_plain;h=38a1b613f10a162812ce91075bdf3ec102126dc1;hp=38a1b613f10a162812ce91075bdf3ec102126dc1;p=grml-etc-core.git

Handle volatile characters in prompts with promptsubst set

We don't set that option, but users may do it in .zshrc.local or similar.

The issue is that performing expansions on a prompt string is an exploitable
vulnerability, if you do not contol every part the prompt string is made up of.

This is what is demonstrated by

  https://github.com/njhartwell/pw3nage

Per default, the code strips [$`] from a final prompt string, so you can't
really take advantage of prompt subst, even though you have it set. If the
prompt_subst option is not set, the code does not kick in at all.

If you want more control over which parts of the prompt are stripped, so you
can take control of prompt_subst, you can do that as well.  Here's an example
that only strips the data returned from vcs_info:

  zstyle ':prompt:grml:*:items:vcs' strip-sensitive-characters on
  zstyle ':prompt:grml:*:setup' strip-sensitive-characters off

Now you can take advantage of prompt_subst in privately defined tokens (even
though I'd use a token that calls a function callback instead of inserting a
string that relies on prompt_subst — but that's just me).

Reported-by: Joerg Jaspert <joerg@debian.org>
---