On 09/10/2007, at 19:36, Soryu wrote:
[...] The command (which is written in ruby) invokes the `file` (/usr/bin/ file) Utility at that line, which it what generates the warning. It seems to have some built-in magic to detect that some directory is world writable (chmod a+w) when it should not. [...]
This is a ‘feature’ built into Ruby. Each time you run a shell command from Ruby, it will check every folder in PATH (and every ancestor to that folder) for being world-writable and issue a warning if so. Here’s a simple way to reproduce it:
mkdir -p /tmp/foo; chmod a+w /tmp/foo; PATH="$PATH:/tmp/foo" ruby - e'`true`'
A world-writable folder in the PATH allows a malicious user (with access to the system) to place executables in that folder, which may then be executed instead of what the user intended (so a way to get the user to start trojans). But it is not Ruby’s place to complain about this -- personally I had a setup where all my applications were on a network drive (connected to my base station), which the OS mounts as world-writable, so I was getting this “warning” from Ruby all the time.