[TxMt] Todo Bundle: Strange Errors

Allan Odgaard throw-away-1 at macromates.com
Tue Oct 9 18:25:40 UTC 2007


On 09/10/2007, at 19:36, Soryu wrote:

> [...]
> The command (which is written in ruby) invokes the `file` (/usr/bin/file)
> Utility at that line, which is what generates the warning. It
> seems to have some built-in magic to detect that some directory is  
> world writable (chmod a+w) when it should not. [...]

This is a ‘feature’ built into Ruby. Each time you run a shell command  
from Ruby, it will check every folder in PATH (and every ancestor to  
that folder) for being world-writable and issue a warning if so.  
Here’s a simple way to reproduce it:

    mkdir -p /tmp/foo; chmod a+w /tmp/foo; PATH="$PATH:/tmp/foo" ruby -e'`true`'

A world-writable folder in the PATH allows a malicious user (with  
access to the system) to place executables in that folder, which may  
then be executed instead of what the user intended (so a way to get  
the user to start trojans). But it is not Ruby’s place to complain  
about this -- personally I had a setup where all my applications were  
on a network drive (connected to my base station), which the OS mounts  
as world-writable, so I was getting this “warning” from Ruby all the  
time.
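
A defender-side audit of the condition described above, as an added example that is not part of the original post and not Ruby's own implementation: it walks each PATH entry and every ancestor of it and reports the directories that are world-writable. The function name `world_writable_path_dirs`, the result layout and the separate reporting of the sticky bit are assumptions of this example; the demo directories are constructed in a temporary folder.

```ruby
require "tmpdir"
require "fileutils"

# Returns one hash per world-writable directory that is a PATH entry or an
# ancestor of one: { entry:, dir:, mode:, sticky: }.
# (Hypothetical helper for this example, not part of Ruby's API.)
def world_writable_path_dirs(path = ENV.fetch("PATH", ""))
  findings = []
  path.split(File::PATH_SEPARATOR).reject(&:empty?).each do |entry|
    dir = File.expand_path(entry)
    loop do
      begin
        st = File.stat(dir)
        # 0o002 is the "other: write" permission bit (what chmod a+w sets).
        if st.directory? && (st.mode & 0o002) != 0
          findings << { entry: entry, dir: dir,
                        mode: st.mode & 0o7777, sticky: st.sticky? }
        end
      rescue SystemCallError
        # Missing or unreadable component: nothing to report for it.
      end
      parent = File.dirname(dir)
      break if parent == dir # reached the filesystem root
      dir = parent
    end
  end
  findings.uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample mirroring the /tmp/foo reproduction above.
  Dir.mktmpdir do |base|
    foo = File.join(base, "foo")
    FileUtils.mkdir_p(foo)
    File.chmod(0o777, foo)
    sample = [ENV.fetch("PATH", ""), foo].join(File::PATH_SEPARATOR)
    world_writable_path_dirs(sample).each do |f|
      note = f[:sticky] ? " (sticky bit set)" : ""
      puts format("%s is mode 0%o%s, reached via PATH entry %s",
                  f[:dir], f[:mode], note, f[:entry])
    end
  end
end
```

Directories such as /tmp normally appear in the output with the sticky bit noted, since they are world-writable ancestors of anything placed beneath them.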



