This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.5.18: ruby warning: Insecure world writable dir /usr/local/bin, mode 040777

Hash: SHA1

According to Elliott Hughes on 1/5/2006 5:53 PM:
> Ruby (on all Unixes, including Cygwin) warns if you try to run an external program and your $PATH contains a world-writable directory. It doesn't just check the directories on $PATH: it checks each of their parents, too, because if /usr/local (say) is world-writeable, /usr/local/bin is subverted as easily as if it were writeable itself.

World writable parent directories are not insecure if the sticky bit is
set, since then the subdirectory can only be replaced by owners.  Have you
tried chmod a+t as an alternative to chmod o-w?  I personally haven't used
ruby to see what warnings it prints.

> Cygwin seems to ship with various directories world-writable, so you get warnings if you run a Ruby script that runs external programs:

It would be nice if setup.exe or the base-files postinstall would touch up
standard directories with better permissions.  Also, if you use ls --color
with coreutils 5.93, insecure directories are given a different color to
draw attention to them.

- --
Life is short - so eat dessert first!

Eric Blake   
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at
Comment: Using GnuPG with Thunderbird -


Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]