Can platform agnosticism be achieved?

[Luis Lavena]

Hello List,

I've been asking myself this question for quite some time, as Windows
user
need to break the rules and do things that don't work out of the box
with Ruby.

I know Ruby has it's root in posix and *nix OS, where things like
drive letters don't exist and full power is just four letters away
(sudo).

Since last year, I've decided to spend more time helping great OSS
Ruby
projects to Windows users, and in doing so, I review, check and edit
a lot of projects on rubyforge, github and other esoteric places.

The thing is I'm a bit annoyed of adding regexp around things like
sudo in Rakefiles. Yeah, it's annoying, 4 letters ends up adding 20
bytes
more just to avoid typing sudo in front of the rake command
you're calling.

Take as example the following gem install rake tasks (from DataMapper
and Merb dev):

namespace :gems do
desc 'Uninstall all RubyGems for this project'
task :wipe do
sudo = RUBY_PLATFORM =~ /win32|cygwin/ ? '' : 'sudo'
sh "#{sudo} gem uninstall #{project} --all --ignore-dependencies
--executables; true"
end
end

You see a big condition for sudo there. Take out of the consideration
that the regexp don't cover mingw as valid platform, or even don't
consider mswin64 (build of ruby 1.9 with VC9 for 64bits).

So, that regexp will become obsolete with time, at least for
Windows...
and the Windows folks will be required to patch it every time.

What about remove sudo from there and leave up to the user to make
that
decision? One example:

User perform some apt-get (ubuntu) tasks that requires sudo. He enters
his password to confirm the operation.
Under the same session, a few minutes later, he fires a rake task that
uses sudo, by mistake or because is not clearly advertised what It
does, he ends up messing with his gem repository, removing gems maybe
he
is using for other projects.

So, these rake tasks are doing more than they should, taking
privileges out of user hand and automating them, hiding the problem
when looking answer to "what happened?".

Or maybe I'm wrong, someone will say shut up or a flame war will get
started...

For the time being, those Windows user that don't want to patch a lot
of rakefiles that: 1) ignores platforms like mingw and java under
Windows (dunno how to get that), or 2) clearly ignores sudo is not
usable under windows.

type sudo.bat

@ECHO OFF
REM
REM Fake sudo for Windows
REM This help avoid tools that forces usage of 'sudo' on all the
REM platforms, not just *nix ones.
REM
REM Save this file as 'sudo.bat' and place it somewhere in your PATH
REM (ruby/bin is a good place too).
REM
CALL %*

Regards,

 

[Albert Schlef]

Take as example the following gem install rake tasks (from
DataMapper and Merb dev):

namespace :gems do
desc 'Uninstall all RubyGems for this project'
task :wipe do
sudo = RUBY_PLATFORM =~ /win32|cygwin/ ? '' : 'sudo'
sh "#{sudo} gem uninstall #{project} --all --ignore-dependencies
--executables; true"
end
end


What about remove sudo from there and leave up to the user
to make that decision?

IMO you're right. (When I used Fedora I didn't have 'sudo' at all.)

How to gain root priviledge is the user's own business. I may install
Ruby in my home directory, where I have write access to everything.
Putting 'sudo' thingies in Makefiles seems very wrong to me. Everybody
knows that when you install a unix program you do 'sudo make install' or
'su -c "make install"' *yourself*. It's *not* in the Makefile.

It might be that these programmers originated form the Windows culture.
Maybe they believe most of their users too are Linux novices, that don't
know about 'permissions', so they foolishly do 'sudo' for them.

 

[Tiago Macedo]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Honestly I can't see the point in writing sudo in a Rakefile either:

tmacedo@bolos ~ $ uname -a
Linux bolos 2.6.23-gentoo-r3 #3 SMP Thu Dec 6 17:20:18 WET 2007 i686
Intel(R) Pentium(R) M processor 1.20GHz GenuineIntel GNU/Linux
tmacedo@bolos ~ $ sudo
- -bash: sudo: command not found
tmacedo@bolos ~ $

Tiago Macedo

Albert Schlef wrote:
| Luis Lavena wrote:
|> Take as example the following gem install rake tasks (from
|> DataMapper and Merb dev):
|>
|> namespace :gems do
|> desc 'Uninstall all RubyGems for this project'
|> task :wipe do
|> sudo = RUBY_PLATFORM =~ /win32|cygwin/ ? '' : 'sudo'
|> sh "#{sudo} gem uninstall #{project} --all --ignore-dependencies
|> --executables; true"
|> end
|> end
|>
|>
|> What about remove sudo from there and leave up to the user
|> to make that decision?
|
| IMO you're right. (When I used Fedora I didn't have 'sudo' at all.)
|
| How to gain root priviledge is the user's own business. I may install
| Ruby in my home directory, where I have write access to everything.
| Putting 'sudo' thingies in Makefiles seems very wrong to me. Everybody
| knows that when you install a unix program you do 'sudo make install' or
| 'su -c "make install"' *yourself*. It's *not* in the Makefile.
|
| It might be that these programmers originated form the Windows culture.
| Maybe they believe most of their users too are Linux novices, that don't
| know about 'permissions', so they foolishly do 'sudo' for them.
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgrekcACgkQxFuRTtCTMvLiDQCeOO5V0ItpgSbszQX8cNPp06al
8DMAmQHxlxyQgfrMmBGdVAyTdUP9FAdX
=ccpW
-----END PGP SIGNATURE-----

 

[Phillip Gawlowski]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Luis Lavena wrote:
| User perform some apt-get (ubuntu) tasks that requires sudo. He enters
| his password to confirm the operation.
| Under the same session, a few minutes later, he fires a rake task that
| uses sudo, by mistake or because is not clearly advertised what It
| does, he ends up messing with his gem repository, removing gems maybe
| he
| is using for other projects.
|
| So, these rake tasks are doing more than they should, taking
| privileges out of user hand and automating them, hiding the problem
| when looking answer to "what happened?".

In short: Merb is a security risk (as any other script that uses such a
technique). You should log a bug.

Everybody else: Proceed with caution.

And no, that it is OSS, is *not* an excuse. See the OpenSSL bruhaha in
Debian and Ubuntu at the moment.

- --
Phillip Gawlowski
Twitter: twitter.com/cynicalryan
Blog: http://justarubyist.blogspot.com

~ - You know you've been hacking too long when...
...the message `New mail in /usr/spool/mail/foo' becomes an NMI.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgrgk4ACgkQbtAgaoJTgL//6gCff/nqOcmKJ4kLWriZlHlHqLjA
h8YAoIRs7GMfbFEakZFpqKPXBdg91isp
=BG2I
-----END PGP SIGNATURE-----

 

[ara.t.howard]

How to gain root priviledge is the user's own business. I may install
Ruby in my home directory, where I have write access to everything.
Putting 'sudo' thingies in Makefiles seems very wrong to me. Everybody
knows that when you install a unix program you do 'sudo make
install' or
'su -c "make install"' *yourself*. It's *not* in the Makefile.

no, you should *never* do this. you should always do

./configure --prefix=prefix
make
sudo make install

although it's perhaps what you meant. this is a key point, because
programs like gems do all three. if you were required to type

sudo gem install

then certain things will not work (yes i know that you currently are
required to do so) because gcc, ld, and other programs will silently
behave differently when run as root, sometimes ignoring certain
environment variables. the inverse is also true - you cannot make a
setuid binary as a regular user. things like se-linux make this even
more confusing and then there are programs which need to be compiled
and owned by a certain user, like www, but which can only be written
into system space as root.

in short i really think the issue is windows not playing nice with
everyone else and that projects like msys, which shim the windows os
to be mostly posix compliant are the answer. consider that msys
addresses not only the sudo issue but the ar one, the gcc one, the ld
one, the bison one, the sh one, etc, etc, etc.

for years i've personally always considered msys a requirement for any
windows/ruby development, along side a hand compiled ruby, precisely
because it gives not only ruby, but the tools ruby and it's programs
require to operate at full speed.

that said any script which uses sudo should at *least* do

SUDO = ENV['SUDO']

so users can turn it off or possibly do some sort of test like

SUDO = system('sudo ls') ? 'sudo' : ''

etc.

anyhow, i feel your pain but think sudo the tip of a posix iceberg
more cleanly addressed outside of ruby.

cheers.

a @ http://codeforpeople.com/

 

[Albert Schlef]

Everybody knows that when you install a unix program you do 'sudo
make install' or 'su -c "make install"' *yourself*. It's *not* in the Makefile.

no, you should *never* do this. you should always do
[...]
make
sudo make instal

(Yes, I didn't mean one should compile under root (except the exceptions
you mentioned).)

this is a key point, because programs like gems do all three.

Ah, I didn't consider this.

I'm a very newbie, certainly regarding gem, so, everybody, take my words
with salt (however you say that in English).

 

[Luis Lavena]

no, you should *never* do this. you should always do

./configure --prefix=prefix
make
sudo make install

although it's perhaps what you meant. this is a key point, because
programs like gems do all three. if you were required to type

sudo gem install

then certain things will not work (yes i know that you currently are
required to do so) because gcc, ld, and other programs will silently
behave differently when run as root, sometimes ignoring certain
environment variables. the inverse is also true - you cannot make a
setuid binary as a regular user. things like se-linux make this even
more confusing and then there are programs which need to be compiled
and owned by a certain user, like www, but which can only be written
into system space as root.

in short i really think the issue is windows not playing nice with
everyone else and that projects like msys, which shim the windows os
to be mostly posix compliant are the answer. consider that msys
addresses not only the sudo issue but the ar one, the gcc one, the ld
one, the bison one, the sh one, etc, etc, etc.

Hmmn, are you talking about MSYS?

$ uname -a
MINGW32_NT-5.1 KEORE 1.0.11(0.46/3/2) 2007-07-29 17:16 i686 Msys

Luis@KEORE ~
$ sudo
sh: sudo: command not found

for years i've personally always considered msys a requirement for any
windows/ruby development, along side a hand compiled ruby, precisely
because it gives not only ruby, but the tools ruby and it's programs
require to operate at full speed.

that said any script which uses sudo should at *least* do

SUDO = ENV['SUDO']

so users can turn it off or possibly do some sort of test like

SUDO = system('sudo ls') ? 'sudo' : ''

etc.

anyhow, i feel your pain but think sudo the tip of a posix iceberg
more cleanly addressed outside of ruby.

Yes, and you can add that sudo is not even there for other Linux or
*nix implementations, like Tiago exposed too.

I think is user responsibility, again.

Regards,