Anyone knows this warning?

youhaodeyi · January 6, 2009, 9:08am

When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIR

I have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?

thanks

youhaodeyi · January 6, 2009, 10:02am

Zhao Yi wrote:

When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIR

I have checked the SOMEDIR and its permission mode is 777.

Which means it’s world-writable, as the warning says. In octal:

7   7   7

111 111 111
rwx rwx rwx (user, group, world)

The warning comes from path_check_0 in file.c, which in turn is called
from rb_path_check, which checks each of the directories in your PATH.

It’s basically saying: when you do system(“foo”), one of your PATH
directories is world writable, so any random user on your system could
have installed their own “foo” executable which does whatever they like
(e.g. changing your password, or mailing your pr0n collection to your
girlfriend

How can I avoid this?

man chmod

youhaodeyi · January 6, 2009, 10:27am

Zhao Yi wrote:

why does ruby check its permission?

Because not heeding this warning is approximately the same as posting
your password in clear text to all users on the system.

Even if you have no other users on your system, if someone happens to
break in (e.g. through your web server or mail server), and gets a shell
running as any daemon user, they can exploit this hole to run any script
as your userid.

I do want this path writable. how
can I disable this warning?

I already pointed you at file.c. You will find a #if check in there,
which lets you recompile ruby with this check disabled.

I’m not going to hint further. If you are smart enough to understand
fully the consequences of disabling this check, then you a smart enough
to read the configure script and recompile ruby with this check
disabled.

youhaodeyi · January 6, 2009, 10:10am

Brian C. wrote:

Which means it’s world-writable, as the warning says. In octal:
7   7   7
111 111 111
rwx rwx rwx (user, group, world)

man chmod

why does ruby check its permission? I do want this path writable. how
can I disable this warning?

youhaodeyi · January 7, 2009, 5:11am

On Tue 6.Jan’09 at 18:14:05 +0900, Zhao Yi wrote:

why does ruby check its permission?
Why not? Ruby is letting you know that something bad can happen.

I do want this path writable. how can I disable this warning?

ruby -W0 /path/to/your_script

-drd

youhaodeyi · January 7, 2009, 6:47am

Zhao Yi wrote:

When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIR

I have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?

thanks

World read, write and execute is a bad thing if you’re on a shared
server with other users. Any good system will error and prevent it
from running, instead of blindling running it. Else you risk issues
where another user on the system can write to your files/directories,
destroy, modify or delete your valuable data, as well as open
exploitable potentials. If this is your own server and you don’t share
it with any other users (or other users you can’t trust), then you can
remove that check if you wish. Still, even when running with a lower
privileged user instead of your own for better protection (if you run
insecure scripts or you aren’t able to ensure they are secure), it
still shouldn’t need world write/execute.

youhaodeyi · January 7, 2009, 2:57pm

Zhao Yi wrote:

When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIR

I have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?

thanks

I understand that you want this directory to be world-writable, so this
is probably not much use for your current situation, but handy to know
nonetheless. You may want to configure a group, see /etc/groups, man
groups, or man chgrp instead of having it be world-writable.

With that aside, there are two ways to modify the permissions for files
and directories. In essence, it’s by name or by number. Using the names
is better when beginning. See man chmod for more details.

Basically, you can use the syntax ‘chmod <which_access_level><+ or
-><which_access_type>’.

<which_access_level> would be one of the following {a,u,g,o} where a is
all (user group and other), u is user, g is group, and o is other
(typically everyone else).

<+ or -> is a boolean true or false for turning on or off the
permission.

<which_access_type> would be {r,w,x} where r is read, w is write, and x
is execute.

So for example, if you wanted to remove the read ability for everyone
except the user and group, you would use:

chmod o-r test-file.txt

You can group them as well, so the following is valid for adding write
ability for the user and group:

chmod ug+r test-file.txt

The a for access level is a shortcut for all three. So to remove all
types ability to execute a file:

chmod a-x test-file.txt

Also, you will probably want to check into man chown for how to change
the user attribute for a specific file or set.

Hope that helps.

Best regards,
Ryan Masters
End Point Corp.
[email protected]