fix issue (#22)

Co-authored-by: meganrogge <[email protected]>

Author: meganrogge

src/vs/platform/terminal/node/terminalEnvironment.ts

@@ -15,6 +15,8 @@ import { IShellLaunchConfig, ITerminalEnvironment, ITerminalProcessOptions } fro
 import { EnvironmentVariableMutatorType } from '../common/environmentVariable.js';
 import { deserializeEnvironmentVariableCollections } from '../common/environmentVariableShared.js';
 import { MergedEnvironmentVariableCollection } from '../common/environmentVariableCollection.js';
+import { chmod, realpathSync } from 'fs';
+import { promisify } from 'util';
 
 export function getWindowsBuildNumber(): number {
 	const osVersion = (/(\d+)\.(\d+)\.(\d+)/g).exec(os.release());
@@ -49,13 +51,14 @@ export interface IShellIntegrationConfigInjection {
  * that creates the process to ensure accuracy. Returns undefined if shell integration cannot be
  * enabled.
  */
-export function getShellIntegrationInjection(
+export async function getShellIntegrationInjection(
 	shellLaunchConfig: IShellLaunchConfig,
 	options: ITerminalProcessOptions,
 	env: ITerminalEnvironment | undefined,
 	logService: ILogService,
-	productService: IProductService
-): IShellIntegrationConfigInjection | undefined {
+	productService: IProductService,
+	skipStickyBit: boolean = false
+): Promise<IShellIntegrationConfigInjection | undefined> {
 	// Conditionally disable shell integration arg injection
 	// - The global setting is disabled
 	// - There is no executable (not sure what script to run)
@@ -212,7 +215,27 @@ export function getShellIntegrationInjection(
 			} catch {
 				username = 'unknown';
 			}
-			const zdotdir = path.join(os.tmpdir(), `${username}-${productService.applicationName}-zsh`);
+
+			// Resolve the actual tmp directory so we can set the sticky bit
+			const realTmpDir = realpathSync(os.tmpdir());
+			const zdotdir = path.join(realTmpDir, `${username}-${productService.applicationName}-zsh`);
+
+			// Set directory permissions using octal notation:
+			// - 0o1700:
+			// - Sticky bit is set, preventing non-owners from deleting or renaming files within this directory (1)
+			// - Owner has full read (4), write (2), execute (1) permissions
+			// - Group has no permissions (0)
+			// - Others have no permissions (0)
+			if (!skipStickyBit) {
+				// skip for tests
+				try {
+					const chmodAsync = promisify(chmod);
+					await chmodAsync(zdotdir, 0o1700);
+				} catch (err) {
+					logService.error(`Failed to set sticky bit on ${zdotdir}: ${err}`);
+					return undefined;
+				}
+			}
 			envMixin['ZDOTDIR'] = zdotdir;
 			const userZdotdir = env?.ZDOTDIR ?? os.homedir() ?? `~`;
 			envMixin['USER_ZDOTDIR'] = userZdotdir;

src/vs/platform/terminal/node/terminalProcess.ts

@@ -210,7 +210,7 @@ export class TerminalProcess extends Disposable implements ITerminalChildProcess
 
 		let injection: IShellIntegrationConfigInjection | undefined;
 		if (this._options.shellIntegration.enabled) {
-			injection = getShellIntegrationInjection(this.shellLaunchConfig, this._options, this._ptyOptions.env, this._logService, this._productService);
+			injection = await getShellIntegrationInjection(this.shellLaunchConfig, this._options, this._ptyOptions.env, this._logService, this._productService);
 			if (injection) {
 				this._onDidChangeProperty.fire({ type: ProcessPropertyType.UsedShellIntegrationInjection, value: true });
 				if (injection.envMixin) {