"disallow sticky world writable directory in PATH": Why?

[Erik Veenstra]

Found in ChangeLog-1.8.3:

Wed Sep 21 02:44:09 2005 Yukihiro Matsumoto <[email protected]>
file.c (path_check_0): disallow sticky world writable directory in PATH (and $LOAD_PATH). [ruby-dev:27226]

Why is this changed in Ruby 1.8.3?

And how can I work around this check? It's annyoing...

I added a simple test below.

Thanks.

gegroet,
Erik V. - http://www.erikveen.dds.nl/

----------------------------------------------------------------

$ cat /tmp/test/test1.rb
ENV

$ cat /tmp/test/test2.rb
ENV["PATH"]

----------------------------------------------------------------

$ useruby182
ruby 1.8.2 (2004-12-24) [i686-linux]

$ PATH=$PATH:/tmp/test ruby /tmp/test/test1.rb

$ PATH=$PATH:/tmp/test ruby /tmp/test/test2.rb

----------------------------------------------------------------

$ useruby183
ruby 1.8.3 (2005-09-21) [i686-linux]

$ PATH=$PATH:/tmp/test ruby /tmp/test/test1.rb

$ PATH=$PATH:/tmp/test ruby /tmp/test/test2.rb
/tmp/test/test2.rb:1: warning: Insecure world writable dir /tmp, mode 041777

----------------------------------------------------------------

 

[ara.t.howard]

Found in ChangeLog-1.8.3:

Wed Sep 21 02:44:09 2005 Yukihiro Matsumoto <[email protected]>
file.c (path_check_0): disallow sticky world writable directory in PATH (and $LOAD_PATH). [ruby-dev:27226]

Why is this changed in Ruby 1.8.3?

And how can I work around this check? It's annyoing...

$VERBOSE = nil

there are a few other annyoing warnings, and some good ones, that this shuts
up. in my opinion the system level and language level warnings should be
controlled differently for this reason. i work in a collaborative laboratory
so you can imagine we have thousands of group writable directories. i can
have every single one of my shared programs spew warnings when run (hardly
confidence inspiring) so i simply must turn $VERBOSE off ;-(


-a
--
===============================================================================
| ara [dot] t [dot] howard [at] noaa [dot] gov
| all happiness comes from the desire for others to be happy. all misery
| comes from the desire for oneself to be happy.
| -- bodhicaryavatara
===============================================================================

 

[Erik Veenstra]

Found in ChangeLog-1.8.3:

Wed Sep 21 02:44:09 2005 Yukihiro Matsumoto <[email protected]>
file.c (path_check_0): disallow sticky world writable directory in PATH (and $LOAD_PATH). [ruby-dev:27226]

Why is this changed in Ruby 1.8.3?

And how can I work around this check? It's annyoing...

$VERBOSE = nil

I noticed that the check on ENV["PATH"] is done only once (see
test3). That means that we can turn verbose message off, use
ENV["PATH"] as a dummy statement and turn verbose message back
on (see test4). All other references to ENV["PATH"] are
unchecked. All other messages are still displayed.

Thanks.

gegroet,
Erik V. - http://www.erikveen.dds.nl/

----------------------------------------------------------------

$ ruby -v
ruby 1.8.3 (2005-09-21) [i686-linux]

$ cat /tmp/test/test3.rb
ENV["PATH"]
ENV["PATH"]

$ PATH=$PATH:/tmp/test ruby /tmp/test/test3.rb
/tmp/test/test3.rb:1: warning: Insecure world writable dir /tmp, mode 041777

----------------------------------------------------------------

$ cat /tmp/test/test4.rb
$VERBOSE=nil
ENV["PATH"]
$VERBOSE=true
ENV["PATH"]

$ PATH=$PATH:/tmp/test ruby /tmp/test/test4.rb

----------------------------------------------------------------

 

[Zed A. Shaw]

I didn't write it or have anything to do with it, but it's done because
*anybody* can inject Ruby code into your program. I really can't think
of a valid reason why you'd put a library file into such a directory
and include that directory in your PATH.

Looking at your examples below you've basically opened the
gates of hell by putting /tmp in your PATH. Simply don't do this.

I mean seriously, you can't be bothered to create a new directory for
your stuff that only you own? And, if the file needs to be shared, why
aren't you installing it properly in the ruby library standard way?
If it is a situation where you don't have control of the system
and need to install for a group of people, then I suggest you find the
sysadmin and beat him until he agrees to install your stuff. Tell him
to setup sudo such that you can at least run gem and your problems are
solved.

Finally, if you absolutely *must* share a PATH directory with other
people then at least be smart: get a group created and set the
directory writable *only* by this group, not the whole world.

Anyway, the way you're doing things is going to cause you major
problems.

Zed A. Shaw
http://www.zedshaw.com/

 

[Erik Veenstra]

I didn't write it or have anything to do with it, but it's

done because *anybody* can inject Ruby code into your
program.

If /tmp is a sticky directory (it is) and /tmp/$APP.$$.tmp is
owned by me (it is) and I'm the only person able to add or
alter files in it (I am), how can somebody else, let alone
*anybody*, inject Ruby code in my application?

I logged on as a different user and tried to corrupt, move,
delete and alter the temporary tree of a running application. I
couldn't.

I really can't think of a valid reason why you'd put a
library file into such a directory and include that directory
in your PATH.

But I can... If you create temporary files in your application,
you can use /tmp. Well, you *should* use /tmp. It's invented
for exactly that. Even when it is a temporary library file or
an embedded application which is extracted to /tmp/$APP.$$.tmp.

Looking at your examples below you've basically opened the
gates of hell by putting /tmp in your PATH. Simply don't do
this.

Did I say that I added /tmp in my path? I didn't add /tmp in my
path. Though I did add /tmp/$APP.$$.tmp/bin in my path. But
that directory is owned by me and /tmp is very sticky. What's
the problem?

(I skipped the rest of your message, which was based on
assumptions...)

Anyway, the way you're doing things is going to cause you
major problems.

If so, please explain.

Thanks.

gegroet,
Erik V. - http://www.erikveen.dds.nl/

 

[Yukihiro Matsumoto]

Hi,

In message "Re: "disallow sticky world writable directory in PATH": Why?"

| Wed Sep 21 02:44:09 2005 Yukihiro Matsumoto <[email protected]>
| file.c (path_check_0): disallow sticky world writable directory in PATH (and $LOAD_PATH). [ruby-dev:27226]
|
|Why is this changed in Ruby 1.8.3?
|And how can I work around this check? It's annyoing...

Warning condition may be too loose. Let me re-consider, although it's
bit too late for 1.8.4 which is scheduled for Christmas.

matz.