-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Elliott Hughes on 1/5/2006 5:53 PM:
> Ruby (on all Unixes, including Cygwin) warns if you try to run an external 
> program and your $PATH contains a world-writable directory. It doesn't just 
> check the directories on $PATH: it checks each of their parents, too, because 
> if /usr/local (say) is world-writeable, /usr/local/bin is subverted as easily 
> as if it were writeable itself.

World-writable parent directories are not insecure if the sticky bit is
set, since then the subdirectory can only be replaced by owners.  Have you
tried chmod a+t as an alternative to chmod o-w?  I personally haven't used
Ruby to see what warnings it prints.

>  
> Cygwin seems to ship with various directories world-writable, so you get 
> warnings if you run a Ruby script that runs external programs:

It would be nice if setup.exe or the base-files postinstall would touch up
standard directories with better permissions.  Also, if you use ls --color
with coreutils 5.93, insecure directories are given a different color to
draw attention to them.

- --
Life is short - so eat dessert first!

Eric Blake             [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDvncg84KuGfSFAYARAuv0AJ9eEIXMmTHq/rmICzW6/YOYRWYxkgCfZh9k
MnM+JEqp6ZxcKWXl6JFdE8k=
=V3Wl
-----END PGP SIGNATURE-----
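
Added example, not part of the original message and not Ruby's own check: a Python sketch of the audit discussed in this thread, walking each $PATH entry and its parents and treating a world-writable parent as acceptable only when the sticky bit is set. The function names are hypothetical, and flagging a world-writable $PATH entry itself even when sticky is this example's assumption.

```python
import os
import stat


def ancestors(path):
    """Yield path, then each parent directory up to the filesystem root."""
    path = os.path.abspath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent


def audit_dir(entry):
    """Return [(directory, reason)] for one $PATH entry and its parents."""
    entry = os.path.abspath(entry)
    findings = []
    for d in ancestors(entry):
        try:
            mode = os.stat(d).st_mode
        except OSError:
            continue  # missing or unreadable component: nothing to assess
        if not stat.S_ISDIR(mode) or not mode & stat.S_IWOTH:
            continue
        if d == entry:
            # Sticky only restricts delete/rename; anyone can still add files.
            findings.append((d, "PATH entry is world-writable"))
        elif not mode & stat.S_ISVTX:
            # Without sticky, any user can rename the child and substitute one.
            findings.append((d, "world-writable parent without sticky bit"))
    return findings


def audit_path(path_value=None):
    """Audit every entry of a $PATH string (default: the current $PATH)."""
    if path_value is None:
        path_value = os.environ.get("PATH", "")
    results = []
    for entry in path_value.split(os.pathsep):
        for finding in audit_dir(entry or "."):  # empty entry means cwd
            if finding not in results:
                results.append(finding)
    return results


if __name__ == "__main__":
    for directory, reason in audit_path():
        print(f"{directory}: {reason}")
```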

