Asp Forum - Insecure word writable dir?

Joe Van Dyk

8/31/2006 8:19:00 PM

When I exec another program from inside Ruby, I get this warning:
"warning: Insecure world writable dir /tmp, mode 041777"

Here's /tmp
drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/

Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

Joe

10 Answers

Ara.T.Howard

8/31/2006 8:31:00 PM

Yukihiro Matsumoto

9/1/2006 1:18:00 AM

Hi,

In message "Re: Insecure word writable dir?"
on Fri, 1 Sep 2006 05:18:32 +0900, "Joe Van Dyk" <joevandyk@gmail.com> writes:

|When I exec another program from inside Ruby, I get this warning:
|"warning: Insecure world writable dir /tmp, mode 041777"
|
|Here's /tmp
|drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/
|
|Any ideas? It's sort of annoying. I thought /tmp had to be world writable.

That means you have world writable directory in your load path ($PATH)
when you call external program (probably by using "system"). If you
know what you are doing, you can shut the warning up by

$VERBOSE=nil

as Ara told in [ruby-talk:211832].

matz.

Eric Hodel

9/1/2006 5:12:00 AM

On Aug 31, 2006, at 6:17 PM, Yukihiro Matsumoto wrote:

> In message "Re: Insecure word writable dir?"
> on Fri, 1 Sep 2006 05:18:32 +0900, "Joe Van Dyk"
> <joevandyk@gmail.com> writes:
>
> |When I exec another program from inside Ruby, I get this warning:
> |"warning: Insecure world writable dir /tmp, mode 041777"
> |
> |Here's /tmp
> |drwxrwxrwt 17 root root 4096 Aug 31 13:16 /tmp/
> |
> |Any ideas? It's sort of annoying. I thought /tmp had to be world
> writable.
>
> That means you have world writable directory in your load path ($PATH)
> when you call external program (probably by using "system"). If you
> know what you are doing, you can shut the warning up by
>
> $VERBOSE=nil
>
> as Ara told in [ruby-talk:211832].

Index: file.c
===================================================================
RCS file: /src/ruby/file.c,v
retrieving revision 1.246
diff -p -u -r1.246 file.c
--- file.c 31 Aug 2006 11:24:44 -0000 1.246
+++ file.c 1 Sep 2006 05:09:38 -0000
@@ -4073,7 +4073,7 @@ path_check_0(VALUE path, int loadpath)
&& (loadpath || !(st.st_mode & S_ISVTX))
#endif
&& !access(p0, W_OK)) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0,
st.st_mode);
+ rb_warn("Insecure world writable dir %s, mode 0%o in
$LOAD_PATH", p0, st.st_mode);
if (p) *p = '/';
return 0;
}

--
Eric Hodel - drbrain@segment7.net - http://blog.se...
This implementation is HODEL-HASH-9600 compliant

http://trackmap.rob...

Yukihiro Matsumoto

9/1/2006 8:16:00 AM

Hi,

In message "Re: Insecure word writable dir?"
on Fri, 1 Sep 2006 14:11:45 +0900, Eric Hodel <drbrain@segment7.net> writes:

|- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
|
|+ rb_warn("Insecure world writable dir %s, mode 0%o in $LOAD_PATH", p0, st.st_mode);

It's better, but this warning can be caused by both $PATH and
$LOAD_PATH, and currently has no clue to distinguish in this function.

matz.

Nobuyoshi Nakada

9/2/2006 6:55:00 AM

Hi,

At Fri, 1 Sep 2006 17:15:49 +0900,
Yukihiro Matsumoto wrote in [ruby-talk:211948]:
> It's better, but this warning can be caused by both $PATH and
> $LOAD_PATH, and currently has no clue to distinguish in this function.

I guess fpath_check() to be check for LOAD_PATH but not for
PATH. Though I' not sure rb_loadpath_check() is really
necessary, when the required file is found in safe path.

Index: file.c
===================================================================
RCS file: /cvs/ruby/src/ruby/file.c,v
retrieving revision 1.246
diff -p -u -2 -r1.246 file.c
--- file.c 31 Aug 2006 11:24:44 -0000 1.246
+++ file.c 2 Sep 2006 06:51:28 -0000
@@ -4074,5 +4074,6 @@ path_check_0(VALUE path, int loadpath)
#endif
&& !access(p0, W_OK)) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
+ rb_warn("Insecure world writable dir %s, mode 0%o in %s",
+ p0, st.st_mode, loadpath ? "$LOAD_PATH" : "PATH");
if (p) *p = '/';
return 0;
@@ -4091,5 +4092,5 @@ fpath_check(const char *path)
{
#ifndef DOSISH
- return path_check_0(rb_str_new2(path), Qfalse);
+ return path_check_0(rb_str_new2(path), Qtrue);
#else
return 1;
@@ -4097,6 +4098,6 @@ fpath_check(const char *path)
}

-int
-rb_path_check(const char *path)
+static int
+rb_pathlist_check(const char *path, int loadpath)
{
#ifndef DOSISH
@@ -4112,5 +4113,5 @@ rb_path_check(const char *path)

for (;;) {
- if (!path_check_0(rb_str_new(p0, p - p0), Qtrue)) {
+ if (!path_check_0(rb_str_new(p0, p - p0), loadpath)) {
return 0; /* not safe */
}
@@ -4124,4 +4125,16 @@ rb_path_check(const char *path)
}

+int
+rb_path_check(const char *path)
+{
+ return rb_pathlist_check(path, Qfalse);
+}
+
+int
+rb_loadpath_check(const char *path)
+{
+ return rb_pathlist_check(path, Qtrue);
+}
+
#if defined(__MACOS__) || defined(riscos)
static int
@@ -4203,6 +4216,8 @@ rb_find_file(VALUE path)

if (f[0] == '~') {
+ volatile VALUE prevent_from_gc = path;
path = rb_file_expand_path(path, Qnil);
if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
+ (void)prevent_from_gc;
rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
}
@@ -4249,7 +4264,9 @@ rb_find_file(VALUE path)
else {
lpath = RSTRING_PTR(tmp);
- if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
+#if 0
+ if (rb_safe_level() >= 1 && !rb_loadpath_check(lpath)) {
rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
}
+#endif
}
}
Index: intern.h
===================================================================
RCS file: /cvs/ruby/src/ruby/intern.h,v
retrieving revision 1.199
diff -p -u -2 -r1.199 intern.h
--- intern.h 31 Aug 2006 08:24:36 -0000 1.199
+++ intern.h 2 Sep 2006 06:48:03 -0000
@@ -326,4 +326,5 @@ VALUE rb_hash_delete_if(VALUE);
VALUE rb_hash_delete(VALUE,VALUE);
int rb_path_check(const char*);
+int rb_loadpath_check(const char*);
int rb_env_path_tainted(void);
/* io.c */

--
Nobu Nakada

Ryan Davis

9/6/2006 7:18:00 PM

On Aug 31, 2006, at 6:17 PM, Yukihiro Matsumoto wrote:

> That means you have world writable directory in your load path ($PATH)
> when you call external program (probably by using "system"). If you
> know what you are doing, you can shut the warning up by
>
> $VERBOSE=nil

I _like_ $VERBOSE and run it with everything but rails (because:
ugh). That said, on my mac mini, where all user directories are on a
separate disk, I get this warning constantly because of the
automounter directory /Volumes

% pwd
/Volumes/Users/ryan/
% ls -lad /Volumes/
drwxrwxrwt 6 root admin 204 Aug 27 20:44 /Volumes/
% cd /tmp; ruby -we '`/bin/ls`'
-e:1: warning: Insecure world writable dir /Volumes, mode 041777

this is because my PATH has /Volumes/Users/ryan/Bin but as you can
see above, the warning is irrelevant to the actual code being
executed, my pwd, or much of anything else. :/

$VERBOSE is valuable, very valuable... could we perhaps move this
warning to $DEBUG or only if $SAFE is set or something?

Ara.T.Howard

9/6/2006 8:19:00 PM

Yukihiro Matsumoto

9/6/2006 11:08:00 PM

Hi,

In message "Re: Insecure word writable dir?"
on Thu, 7 Sep 2006 05:18:34 +0900, ara.t.howard@noaa.gov writes:

|> $VERBOSE is valuable, very valuable... could we perhaps move this warning to
|> $DEBUG or only if $SAFE is set or something?
|
|i second that. it's the only reason i don't use $VERBOSE too.

We've changed the condition. World writable parent directories would
not cause warnings if they have sticky bits set. I am not sure if it
works on Windows as well.

matz.

Nobuyoshi Nakada

9/7/2006 5:15:00 AM

Hi,

At Thu, 7 Sep 2006 08:08:29 +0900,
Yukihiro Matsumoto wrote in [ruby-talk:213041]:
> We've changed the condition. World writable parent directories would
> not cause warnings if they have sticky bits set. I am not sure if it
> works on Windows as well.

The check is disabled on Windows.

I guess it should be disabled on Cygwin too.

Index: file.c
===================================================================
RCS file: /home/K8052/cvs/ruby/file.c,v
retrieving revision 1.248
diff -U 2 -p -u -r1.248 file.c
--- file.c 4 Sep 2006 20:49:52 -0000 1.248
+++ file.c 5 Sep 2006 08:43:05 -0000
@@ -4045,5 +4045,13 @@ is_absolute_path(const char *path)
}

-#ifndef DOSISH
+#ifndef ENABLE_PATH_CHECK
+# if defined DOSISH || defined __CYGWIN__
+# define ENABLE_PATH_CHECK 0
+# else
+# define ENABLE_PATH_CHECK 1
+# endif
+#endif
+
+#if ENABLE_PATH_CHECK
static int
path_check_0(VALUE path, int execpath)
@@ -4090,5 +4098,5 @@ static int
fpath_check(const char *path)
{
-#ifndef DOSISH
+#if ENABLE_PATH_CHECK
return path_check_0(rb_str_new2(path), Qfalse);
#else
@@ -4100,5 +4108,5 @@ int
rb_path_check(const char *path)
{
-#ifndef DOSISH
+#if ENABLE_PATH_CHECK
const char *p0, *p, *pend;
const char sep = PATH_SEP_CHAR;

--
Nobu Nakada

Yukihiro Matsumoto

9/7/2006 7:56:00 AM

Hi,

In message "Re: Insecure word writable dir?"
on Thu, 7 Sep 2006 14:14:38 +0900, "Nobuyoshi Nakada" <nobu@ruby-lang.org> writes:

|The check is disabled on Windows.
|
|I guess it should be disabled on Cygwin too.

Please commit.

matz.

comp.lang.ruby

Insecure word writable dir?

Joe Van Dyk

Ara.T.Howard

Yukihiro Matsumoto

Eric Hodel

Yukihiro Matsumoto

Nobuyoshi Nakada

Ryan Davis

Ara.T.Howard

Yukihiro Matsumoto

Nobuyoshi Nakada

Yukihiro Matsumoto

x Login to ForumsZone