From owner-freebsd-questions@FreeBSD.ORG  Wed Apr  5 19:11:29 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7164016A420
	for <freebsd-questions@freebsd.org>;
	Wed,  5 Apr 2006 19:11:29 +0000 (UTC) (envelope-from drosih@rpi.edu)
Received: from smtp2.server.rpi.edu (smtp2.server.rpi.edu [128.113.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0FAA443D49
	for <freebsd-questions@freebsd.org>;
	Wed,  5 Apr 2006 19:11:24 +0000 (GMT) (envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47])
	by smtp2.server.rpi.edu (8.13.1/8.13.0) with ESMTP id k35JBLd4013246;
	Wed, 5 Apr 2006 15:11:23 -0400
Mime-Version: 1.0
Message-Id: <p06230941c059d3bcf1b9@[128.113.24.47]>
In-Reply-To: <4433C86A.2060106@lintoo.dk>
References: <4433C86A.2060106@lintoo.dk>
Date: Wed, 5 Apr 2006 15:11:20 -0500
To: Jonas Jacobsen <jonas@lintoo.dk>, freebsd-questions@freebsd.org
From: Garance A Drosihn <drosih@rpi.edu>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-CanItPRO-Stream: default
X-RPI-SA-Score: undef - spam-scanning disabled
X-Scanned-By: CanIt (www . canit . ca) on 128.113.2.2
Cc: 
Subject: Re: Portupgrade & Ruby | warning: Insecure world
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2006 19:11:29 -0000

At 3:38 PM +0200 4/5/06, Jonas Jacobsen wrote:
>When i use portupgrade, i get this Warning all the time
>
>/usr/local/lib/ruby/site_ruby/1.8/pkgtools.rb:980:
>     warning: Insecure world writable dir /tmp, mode 041777
>
>have any of you seen that warning before,? and do you
>know how to make it go away ?

This comes from a recent security-minded change made
to ruby.  Your PATH references something in /tmp, and
since other userids *could* change things in /tmp,
this is warning that you might have a security problem.

I think several ruby users have found this recent change
is perhaps a bit over-zealous in it's warning.  Which is
to say, "it is annoying".

You could change your setting of PATH to avoid this.
Perhaps the pkgtools.rb script could be changed to
automatically change the PATH, but in this case it
would have no idea *why* you reference some directory
under /tmp in your PATH.  So it's probably a bad idea
for the script to change the value.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu