This is the mail archive of the cygwin mailing list for the Cygwin project.



1.5.18: ruby warning: Insecure world writable dir /usr/local/bin, mode 040777


Ruby (on all Unixes, including Cygwin) warns if you try to run an external program and your $PATH contains a world-writable directory. It doesn't just check the directories on $PATH: it checks each of their parents, too, because if /usr/local (say) is world-writable, /usr/local/bin is subverted as easily as if it were writable itself.
 
Cygwin seems to ship with various directories world-writable, so you get warnings if you run a Ruby script that runs external programs:
 
ehughes:~$ uname -a
CYGWIN_NT-5.0 ehughes 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
ehughes:~$ ruby -e 'system("echo")'
-e:1: warning: Insecure world writable dir /usr/local/bin, mode 040777
 
ehughes:~$ ruby -e '`echo`'
-e:1: warning: Insecure world writable dir /usr/local/bin, mode 040777
ehughes:~$ 

I installed Cygwin for all users, in case that's relevant.
 
The obvious work-around is to remove "other" write permission from the relevant directories:
 
chmod o-w /usr/local/bin
chmod o-w /usr/local
chmod o-w /usr
chmod o-w /etc # My company's default $PATH includes /etc on OSes where /sbin doesn't exist, such as SunOS.
chmod o-w /usr/sbin
chmod o-w /usr/bin
chmod o-w /usr/X11R6/bin
chmod o-w /usr/X11R6
chmod o-w /cygdrive/c
 
then Ruby's happy:
 
ehughes:~$ ruby -e '`echo`'
ehughes:~$
 
I couldn't find anything about this on the list archive, and Google mainly turns up matches in Japanese, plus one match I'm partly responsible for, giving the above work-around.
 
Is there a better way to solve this problem?
 
 --elliott



Attachment: cygcheck.out
Description: cygcheck.out

