Insecure word writable dir?

When I exec another program from inside Ruby, I get this warning:
"warning: Insecure world writable dir /tmp, mode 041777"

Here's /tmp
drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/

Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

Joe

it's very annoying.

$VERBOSE=nil

-a

···

On Fri, 1 Sep 2006, Joe Van Dyk wrote:

When I exec another program from inside Ruby, I get this warning:
"warning: Insecure world writable dir /tmp, mode 041777"

Here's /tmp
drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/

Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

Joe

--
what science finds to be nonexistent, we must accept as nonexistent; but what
science merely does not find is a completely different matter... it is quite
clear that there are many, many mysterious things.
- h.h. the 14th dalai lama

Hi,

···

In message "Re: Insecure word writable dir?" on Fri, 1 Sep 2006 05:18:32 +0900, "Joe Van Dyk" <joevandyk@gmail.com> writes:

When I exec another program from inside Ruby, I get this warning:
"warning: Insecure world writable dir /tmp, mode 041777"

Here's /tmp
drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/

Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

That means you have world writable directory in your load path ($PATH)
when you call external program (probably by using "system"). If you
know what you are doing, you can shut the warning up by

$VERBOSE=nil

as Ara told in [ruby-talk:211832].

              matz.

Index: file.c

···

On Aug 31, 2006, at 6:17 PM, Yukihiro Matsumoto wrote:

In message "Re: Insecure word writable dir?" > on Fri, 1 Sep 2006 05:18:32 +0900, "Joe Van Dyk" > <joevandyk@gmail.com> writes:

>When I exec another program from inside Ruby, I get this warning:
>"warning: Insecure world writable dir /tmp, mode 041777"
>
>Here's /tmp
>drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/
>
>Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

That means you have world writable directory in your load path ($PATH)
when you call external program (probably by using "system"). If you
know what you are doing, you can shut the warning up by

$VERBOSE=nil

as Ara told in [ruby-talk:211832].

===================================================================
RCS file: /src/ruby/file.c,v
retrieving revision 1.246
diff -p -u -r1.246 file.c
--- file.c 31 Aug 2006 11:24:44 -0000 1.246
+++ file.c 1 Sep 2006 05:09:38 -0000
@@ -4073,7 +4073,7 @@ path_check_0(VALUE path, int loadpath)
             && (loadpath || !(st.st_mode & S_ISVTX))
#endif
             && !access(p0, W_OK)) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
+ rb_warn("Insecure world writable dir %s, mode 0%o in $LOAD_PATH", p0, st.st_mode);
             if (p) *p = '/';
             return 0;
         }

--
Eric Hodel - drbrain@segment7.net - http://blog.segment7.net
This implementation is HODEL-HASH-9600 compliant

http://trackmap.robotcoop.com

I _like_ $VERBOSE and run it with everything but rails (because: ugh). That said, on my mac mini, where all user directories are on a separate disk, I get this warning constantly because of the automounter directory /Volumes

% pwd
/Volumes/Users/ryan/
% ls -lad /Volumes/
drwxrwxrwt 6 root admin 204 Aug 27 20:44 /Volumes/
% cd /tmp; ruby -we '`/bin/ls`'
-e:1: warning: Insecure world writable dir /Volumes, mode 041777

this is because my PATH has /Volumes/Users/ryan/Bin but as you can see above, the warning is irrelevant to the actual code being executed, my pwd, or much of anything else. :confused:

$VERBOSE is valuable, very valuable... could we perhaps move this warning to $DEBUG or only if $SAFE is set or something?

···

On Aug 31, 2006, at 6:17 PM, Yukihiro Matsumoto wrote:

That means you have world writable directory in your load path ($PATH)
when you call external program (probably by using "system"). If you
know what you are doing, you can shut the warning up by

$VERBOSE=nil

Hi,

···

In message "Re: Insecure word writable dir?" on Fri, 1 Sep 2006 14:11:45 +0900, Eric Hodel <drbrain@segment7.net> writes:

- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);

+ rb_warn("Insecure world writable dir %s, mode 0%o in $LOAD_PATH", p0, st.st_mode);

It's better, but this warning can be caused by both $PATH and
$LOAD_PATH, and currently has no clue to distinguish in this function.

              matz.

i second that. it's the only reason i don't use $VERBOSE too.

-a

···

On Thu, 7 Sep 2006, Ryan Davis wrote:

On Aug 31, 2006, at 6:17 PM, Yukihiro Matsumoto wrote:

That means you have world writable directory in your load path ($PATH)
when you call external program (probably by using "system"). If you
know what you are doing, you can shut the warning up by

$VERBOSE=nil

I _like_ $VERBOSE and run it with everything but rails (because: ugh). That said, on my mac mini, where all user directories are on a separate disk, I get this warning constantly because of the automounter directory /Volumes

% pwd
/Volumes/Users/ryan/
% ls -lad /Volumes/
drwxrwxrwt 6 root admin 204 Aug 27 20:44 /Volumes/
% cd /tmp; ruby -we '`/bin/ls`'
-e:1: warning: Insecure world writable dir /Volumes, mode 041777

this is because my PATH has /Volumes/Users/ryan/Bin but as you can see above, the warning is irrelevant to the actual code being executed, my pwd, or much of anything else. :confused:

$VERBOSE is valuable, very valuable... could we perhaps move this warning to $DEBUG or only if $SAFE is set or something?

--
what science finds to be nonexistent, we must accept as nonexistent; but what
science merely does not find is a completely different matter... it is quite
clear that there are many, many mysterious things.
- h.h. the 14th dalai lama

Hi,

At Fri, 1 Sep 2006 17:15:49 +0900,
Yukihiro Matsumoto wrote in [ruby-talk:211948]:

It's better, but this warning can be caused by both $PATH and
$LOAD_PATH, and currently has no clue to distinguish in this function.

I guess fpath_check() to be check for LOAD_PATH but not for
PATH. Though I' not sure rb_loadpath_check() is really
necessary, when the required file is found in safe path.

Index: file.c

···

===================================================================
RCS file: /cvs/ruby/src/ruby/file.c,v
retrieving revision 1.246
diff -p -u -2 -r1.246 file.c
--- file.c 31 Aug 2006 11:24:44 -0000 1.246
+++ file.c 2 Sep 2006 06:51:28 -0000
@@ -4074,5 +4074,6 @@ path_check_0(VALUE path, int loadpath)
#endif
       && !access(p0, W_OK)) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
+ rb_warn("Insecure world writable dir %s, mode 0%o in %s",
+ p0, st.st_mode, loadpath ? "$LOAD_PATH" : "PATH");
       if (p) *p = '/';
       return 0;
@@ -4091,5 +4092,5 @@ fpath_check(const char *path)
{
#ifndef DOSISH
- return path_check_0(rb_str_new2(path), Qfalse);
+ return path_check_0(rb_str_new2(path), Qtrue);
#else
     return 1;
@@ -4097,6 +4098,6 @@ fpath_check(const char *path)
}

-int
-rb_path_check(const char *path)
+static int
+rb_pathlist_check(const char *path, int loadpath)
{
#ifndef DOSISH
@@ -4112,5 +4113,5 @@ rb_path_check(const char *path)

     for (;:wink: {
- if (!path_check_0(rb_str_new(p0, p - p0), Qtrue)) {
+ if (!path_check_0(rb_str_new(p0, p - p0), loadpath)) {
       return 0; /* not safe */
   }
@@ -4124,4 +4125,16 @@ rb_path_check(const char *path)
}

+int
+rb_path_check(const char *path)
+{
+ return rb_pathlist_check(path, Qfalse);
+}
+
+int
+rb_loadpath_check(const char *path)
+{
+ return rb_pathlist_check(path, Qtrue);
+}
+
#if defined(__MACOS__) || defined(riscos)
static int
@@ -4203,6 +4216,8 @@ rb_find_file(VALUE path)

     if (f[0] == '~') {
+ volatile VALUE prevent_from_gc = path;
   path = rb_file_expand_path(path, Qnil);
   if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
+ (void)prevent_from_gc;
       rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
   }
@@ -4249,7 +4264,9 @@ rb_find_file(VALUE path)
   else {
       lpath = RSTRING_PTR(tmp);
- if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
+#if 0
+ if (rb_safe_level() >= 1 && !rb_loadpath_check(lpath)) {
     rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
       }
+#endif
   }
     }
Index: intern.h

RCS file: /cvs/ruby/src/ruby/intern.h,v
retrieving revision 1.199
diff -p -u -2 -r1.199 intern.h
--- intern.h 31 Aug 2006 08:24:36 -0000 1.199
+++ intern.h 2 Sep 2006 06:48:03 -0000
@@ -326,4 +326,5 @@ VALUE rb_hash_delete_if(VALUE);
VALUE rb_hash_delete(VALUE,VALUE);
int rb_path_check(const char*);
+int rb_loadpath_check(const char*);
int rb_env_path_tainted(void);
/* io.c */

--
Nobu Nakada

Hi,

···

In message "Re: Insecure word writable dir?" on Thu, 7 Sep 2006 05:18:34 +0900, ara.t.howard@noaa.gov writes:

$VERBOSE is valuable, very valuable... could we perhaps move this warning to
$DEBUG or only if $SAFE is set or something?

i second that. it's the only reason i don't use $VERBOSE too.

We've changed the condition. World writable parent directories would
not cause warnings if they have sticky bits set. I am not sure if it
works on Windows as well.

              matz.

Hi,

At Thu, 7 Sep 2006 08:08:29 +0900,
Yukihiro Matsumoto wrote in [ruby-talk:213041]:

We've changed the condition. World writable parent directories would
not cause warnings if they have sticky bits set. I am not sure if it
works on Windows as well.

The check is disabled on Windows.

I guess it should be disabled on Cygwin too.

Index: file.c

···

===================================================================
RCS file: /home/K8052/cvs/ruby/file.c,v
retrieving revision 1.248
diff -U 2 -p -u -r1.248 file.c
--- file.c 4 Sep 2006 20:49:52 -0000 1.248
+++ file.c 5 Sep 2006 08:43:05 -0000
@@ -4045,5 +4045,13 @@ is_absolute_path(const char *path)
}

-#ifndef DOSISH
+#ifndef ENABLE_PATH_CHECK
+# if defined DOSISH || defined __CYGWIN__
+# define ENABLE_PATH_CHECK 0
+# else
+# define ENABLE_PATH_CHECK 1
+# endif
+#endif
+
+#if ENABLE_PATH_CHECK
static int
path_check_0(VALUE path, int execpath)
@@ -4090,5 +4098,5 @@ static int
fpath_check(const char *path)
{
-#ifndef DOSISH
+#if ENABLE_PATH_CHECK
     return path_check_0(rb_str_new2(path), Qfalse);
#else
@@ -4100,5 +4108,5 @@ int
rb_path_check(const char *path)
{
-#ifndef DOSISH
+#if ENABLE_PATH_CHECK
     const char *p0, *p, *pend;
     const char sep = PATH_SEP_CHAR;

--
Nobu Nakada

Hi,

···

In message "Re: Insecure word writable dir?" on Thu, 7 Sep 2006 14:14:38 +0900, "Nobuyoshi Nakada" <nobu@ruby-lang.org> writes:

The check is disabled on Windows.

I guess it should be disabled on Cygwin too.

Please commit.

              matz.