This is the mail archive of the
mailing list for the Cygwin project.
Re: 1.5.18: ruby warning: Insecure world writable dir /usr/local/bin, mode 040777
-----BEGIN PGP SIGNED MESSAGE-----
According to Elliott Hughes on 1/5/2006 5:53 PM:
> Ruby (on all Unixes, including Cygwin) warns if you try to run an external program and your $PATH contains a world-writable directory. It doesn't just check the directories on $PATH: it checks each of their parents, too, because if /usr/local (say) is world-writeable, /usr/local/bin is subverted as easily as if it were writeable itself.
World writable parent directories are not insecure if the sticky bit is
set, since then the subdirectory can only be replaced by owners. Have you
tried chmod a+t as an alternative to chmod o-w? I personally haven't used
ruby to see what warnings it prints.
> Cygwin seems to ship with various directories world-writable, so you get warnings if you run a Ruby script that runs external programs:
It would be nice if setup.exe or the base-files postinstall would touch up
standard directories with better permissions. Also, if you use ls --color
with coreutils 5.93, insecure directories are given a different color to
draw attention to them.
Life is short - so eat dessert first!
Eric Blake email@example.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html