Anyone knows this warning?

Discussion in 'Ruby' started by Zhao Yi, Jan 6, 2009.

  1. Zhao Yi

    Zhao Yi Guest

    When my ruby runs an external program, it will get this warning:
    warning: Insecure world writable dir SOMEDIR

    I have checked the SOMEDIR and its permission mode is 777. Does anyone
    know this warning? How can I avoid this?

    thanks
    --
    Posted via http://www.ruby-forum.com/.
     
    Zhao Yi, Jan 6, 2009
    #1

  2. Zhao Yi wrote:
    > When my ruby runs an external program, it will get this warning:
    > warning: Insecure world writable dir SOMEDIR
    >
    > I have checked the SOMEDIR and its permission mode is 777.


    Which means it's world-writable, as the warning says. In octal:

      7   7   7
    111 111 111
    rwx rwx rwx (user, group, world)

    The warning comes from path_check_0 in file.c, which in turn is called
    from rb_path_check, which checks each of the directories in your PATH.

    It's basically saying: when you do system("foo"), one of your PATH
    directories is world writable, so any random user on your system could
    have installed their own "foo" executable which does whatever they like
    (e.g. changing your password, or mailing your pr0n collection to your
    girlfriend :)

    > How can I avoid this?


    man chmod
    --
    Posted via http://www.ruby-forum.com/.
     
    Brian Candler, Jan 6, 2009
    #2
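
The PATH check described in the post above, as an added example that is not part of the original thread and is not Ruby's own file.c code: it walks each PATH entry and its parent directories and reports every one that is world-writable, so it can be fixed with chmod before system() is called. The function names, the result fields and the choice to report the sticky bit separately are assumptions of this example.

```ruby
# Added example: audit PATH for world-writable directories before spawning programs.
WORLD_WRITABLE = 0o002   # the "other" write bit (S_IWOTH)
STICKY         = 0o1000  # sticky bit, as set on /tmp

# Yield the directory itself and then every ancestor up to the filesystem root.
def each_ancestor(dir)
  path = File.expand_path(dir)
  loop do
    yield path
    parent = File.dirname(path)
    break if parent == path
    path = parent
  end
end

# Return one hash per world-writable directory that is a PATH entry or an
# ancestor of one. An empty PATH entry means the current directory.
def world_writable_path_dirs(path_var = ENV.fetch("PATH", ""))
  findings = {}
  path_var.split(File::PATH_SEPARATOR).each do |entry|
    entry = "." if entry.empty?
    each_ancestor(entry) do |dir|
      next if findings.key?(dir)
      begin
        st = File.stat(dir)
      rescue SystemCallError
        next # missing or unreadable PATH component: nothing to report
      end
      next unless st.directory? && (st.mode & WORLD_WRITABLE) != 0
      findings[dir] = {
        dir:    dir,
        entry:  entry,                               # PATH entry that led here
        mode:   format("%04o", st.mode & 0o7777),
        sticky: (st.mode & STICKY) != 0              # true for /tmp-style dirs
      }
    end
  end
  findings.values
end

if __FILE__ == $PROGRAM_NAME
  world_writable_path_dirs.each do |f|
    note = f[:sticky] ? " (sticky bit set)" : ""
    puts "world-writable: #{f[:dir]} mode #{f[:mode]}#{note}, via PATH entry #{f[:entry]}"
  end
end
```

A directory reported here without the sticky bit lets any local account drop an executable that a later system("foo") call may pick up; `chmod o-w` on that directory clears the finding.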

  3. Zhao Yi

    Zhao Yi Guest

    Brian Candler wrote:
    >
    > Which means it's world-writable, as the warning says. In octal:
    >
    > 7 7 7
    > 111 111 111
    > rwx rwx rwx (user, group, world)
    >
    > man chmod


    why does ruby check its permission? I do want this path writable. how
    can I disable this warning?
    --
    Posted via http://www.ruby-forum.com/.
     
    Zhao Yi, Jan 6, 2009
    #3
  4. Zhao Yi wrote:
    > why does ruby check its permission?


    Because not heeding this warning is approximately the same as posting
    your password in clear text to all users on the system.

    Even if you have no other users on your system, if someone happens to
    break in (e.g. through your web server or mail server), and gets a shell
    running as any daemon user, they can exploit this hole to run any script
    as *your* userid.

    > I do want this path writable. how
    > can I disable this warning?


    I already pointed you at file.c. You will find a #if check in there,
    which lets you recompile ruby with this check disabled.

    I'm not going to hint further. If you are smart enough to understand
    fully the consequences of disabling this check, then you are smart enough
    to read the configure script and recompile ruby with this check
    disabled.
    --
    Posted via http://www.ruby-forum.com/.
     
    Brian Candler, Jan 6, 2009
    #4
  5. On Tue 6.Jan'09 at 18:14:05 +0900, Zhao Yi wrote:
    > Brian Candler wrote:
    > >
    > > Which means it's world-writable, as the warning says. In octal:
    > >
    > > 7 7 7
    > > 111 111 111
    > > rwx rwx rwx (user, group, world)
    > >
    > > man chmod

    >
    > why does ruby check its permission?


    Why not? Ruby is letting you know that something bad can happen.

    > I do want this path writable. how can I disable this warning?


    ruby -W0 /path/to/your_script

    -drd
     
    David Rio Deiros, Jan 7, 2009
    #5
  6. Tim Greer

    Tim Greer Guest

    Zhao Yi wrote:

    > When my ruby runs an external program, it will get this warning:
    > warning: Insecure world writable dir SOMEDIR
    >
    > I have checked the SOMEDIR and its permission mode is 777. Does anyone
    > know this warning? How can I avoid this?
    >
    > thanks


    World read, write and execute is a bad thing if you're on a shared
    server with other users. Any good system will error and prevent it
    from running, instead of blindly running it. Else you risk issues
    where another user on the system can write to your files/directories,
    destroy, modify or delete your valuable data, as well as open
    exploitable potentials. If this is your own server and you don't share
    it with any other users (or other users you can't trust), then you can
    remove that check if you wish. Still, even when running with a lower
    privileged user instead of your own for better protection (if you run
    insecure scripts or you aren't able to ensure they are secure), it
    still shouldn't need world write/execute.
    --
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    Industry's most experienced staff! -- Web Hosting With Muscle!
     
    Tim Greer, Jan 7, 2009
    #6
  7. Ryan Masters

    Ryan Masters Guest

    Zhao Yi wrote:
    > When my ruby runs an external program, it will get this warning:
    > warning: Insecure world writable dir SOMEDIR
    >
    > I have checked the SOMEDIR and its permission mode is 777. Does anyone
    > know this warning? How can I avoid this?
    >
    > thanks


    I understand that you want this directory to be world-writable, so this
    is probably not much use for your current situation, but handy to know
    nonetheless. You may want to configure a group, see /etc/groups, man
    groups, or man chgrp instead of having it be world-writable.

    With that aside, there are two ways to modify the permissions for files
    and directories. In essence, it's by name or by number. Using the names
    is better when beginning. See man chmod for more details.

    Basically, you can use the syntax 'chmod <which_access_level><+ or
    -><which_access_type>'.

    <which_access_level> would be one of the following {a,u,g,o} where a is
    all (user group and other), u is user, g is group, and o is other
    (typically everyone else).

    <+ or -> is a boolean true or false for turning on or off the permission.

    <which_access_type> would be {r,w,x} where r is read, w is write, and x
    is execute.

    So for example, if you wanted to remove the read ability for everyone
    except the user and group, you would use:

    chmod o-r test-file.txt

    You can group them as well, so the following is valid for adding write
    ability for the user and group:

    chmod ug+w test-file.txt

    The a for access level is a shortcut for all three. So to remove all
    types' ability to execute a file:

    chmod a-x test-file.txt

    Also, you will probably want to check into man chown for how to change
    the user attribute for a specific file or set.

    Hope that helps.

    Best regards,
    Ryan Masters
    End Point Corp.
     
    Ryan Masters, Jan 7, 2009
    #7