> Have you tried chmod a+t as an alternative to chmod o-w?
i hadn't, but i can confirm that it works:
sh-3.00$ chmod o+w /cygdrive/c
sh-3.00$ ls -ld /cygdrive/c
drwxrwxrwx+ 35 Administrators root 12288 Jan 3 19:20 /cygdrive/c
sh-3.00$ /usr/bin/ruby -e 'system("echo")'
-e:1: warning: Insecure world writable dir /cygdrive/c, mode 040777
sh-3.00$ chmod a+t /cygdrive/c
sh-3.00$ /usr/bin/ruby -e 'system("echo")'
sh-3.00$
> It would be nice if setup.exe or the base-files postinstall would touch up
> standard directories with better permissions. Also, if you use ls --color
> with coreutils 5.93, insecure directories are given a different color to
> draw attention to them.
that sounds good to me.
Win32 (as opposed to Cygwin) Ruby seems to take the opposite approach, and
disables the "insecure world writable dir" check:
sh-3.00$ chmod o+w /cygdrive/c
sh-3.00$ ls -ld /cygdrive/c
drwxrwxrwx+ 35 Administrators root 12288 Jan 3 19:20 /cygdrive/c
sh-3.00$ ruby-win32 -e 'system("echo")'
ECHO is on.
but that sounds like a bad idea.
P.S. in /usr/share/doc/base-files/README, "some of the basic file" should read
"some of the basic files".
--
Elliott Hughes, BlueArc Engineering
-----Original Message-----
From: Eric Blake [mailto:[EMAIL PROTECTED]
Sent: 2006-01-06 05:57
To: Elliott Hughes
Cc: cygwin@cygwin.com
Subject: Re: 1.5.18: ruby warning: Insecure world writable dir /usr/local/bin,
mode 040777
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Elliott Hughes on 1/5/2006 5:53 PM:
> Ruby (on all Unixes, including Cygwin) warns if you try to run an external
> program and your $PATH contains a world-writable directory. It doesn't just
> check the directories on $PATH: it checks each of their parents, too, because
> if /usr/local (say) is world-writeable, /usr/local/bin is subverted as easily
> as if it were writeable itself.
World writable parent directories are not insecure if the sticky bit is
set, since then the subdirectory can only be replaced by owners. Have you
tried chmod a+t as an alternative to chmod o-w? I personally haven't used
ruby to see what warnings it prints.
>
> Cygwin seems to ship with various directories world-writable, so you get
> warnings if you run a Ruby script that runs external programs:
It would be nice if setup.exe or the base-files postinstall would touch up
standard directories with better permissions. Also, if you use ls --color
with coreutils 5.93, insecure directories are given a different color to
draw attention to them.
- --
Life is short - so eat dessert first!
Eric Blake [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDvncg84KuGfSFAYARAuv0AJ9eEIXMmTHq/rmICzW6/YOYRWYxkgCfZh9k
MnM+JEqp6ZxcKWXl6JFdE8k=
=V3Wl
-----END PGP SIGNATURE-----
