On 18 Dec 2011, at 09:06, Phil Dobbin wrote:
Ruby is complaining about /usr/local, not the folders you mention.
[…] are you saying that Ruby is complaining about /usr/local regardless?
This is the error you quoted: “Insecure world writable dir /usr/local in PATH”.
What this means is:
1. The folder ‘/usr/local’ is “world writable”. This means that any user on your system (incl. guest) can write to that folder. 2. The folder ‘/usr/local’ is in your PATH. This means that when you e.g. type ‘ls’ in a terminal, the system will look for ‘ls’ in ‘/usr/local’. 3. This is insecure because say I get access to your machine (e.g. guest accont login) I can put a script called ‘ls’ which will then be called (later) by a more trusted user, and so I can bootstrap the attack from a simple guest-login to root.
To fix this you do one of the following:
- Run this line in terminal: sudo chmod go-w /usr/local - Remove ‘/usr/local’ from your PATH.
I hope this clears up your confusion.