错误的"PATH中的不安全世界可写目录foo"运行Ruby脚本时 [英] Erroneous "Insecure world writable dir foo in PATH" when running ruby script

问题描述

当我运行一个ruby脚本时，它给了我这个:

When I run a ruby script, it gives me this:

[nathanb@nathanb-box ~] myscript .
/u/nathanb/bin/myscript:173: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:74: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:79: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777

此消息是错误的，因为/usr/software是只读安装的:

This message is erroneous, because /usr/software is mounted read-only:

software:/vol/software/  on  /usr/software             type  nfs         (ro,noatime,intr,rsize=32768,wsize=32768,timeo=600,nolock,addr=10.60.132.45,nfsvers=3,proto=tcp,mountproto=udp)

我可以验证这一点:

nathanb@nathanb-box /usr/software/test/bin] touch foo
touch: cannot touch `foo': Read-only file system

我相信我的挂载点具有正确的权限:

I believe my mount point has the correct permissions:

[nathanb@nathanb-box /usr] ls -ld /usr/software
drwxr-xr-x 27 root root 4096 2010-09-10 17:12 /usr/software

有两个问题:

• 可以合法地将其视为Ruby中的错误吗?
• 如何关闭此功能?有没有办法仅禁用此特定警告?

推荐答案

您可以使用

> ruby -W0 ...

但是，这可能掩盖了其他问题.而且您确实说过只希望隐藏该特定警告，并且我认为除了解决该问题外，没有其他方法可以解决此问题，我认为这是由于NFS安装未正确中继实际掩码而引起的.当我在具有NFS的Linux上挂载非Linux服务器时，会看到此消息.

But that may hide other issues. and you did say you want only that specific warning hidden, and I don't think there is a way to do it other than fix the issue, which I think is due to the NFS mount not properly relaying the actual mask. I see this when I mount a non-linux server on linux with NFS.

像snao服务器或不支持Unix样式属性的东西.

Like a snao server or something that does not support unix style attributes.

并且由于错误报告它不喜欢路径中的世界可写目录，您可以将其从路径中删除，并使用前缀来访问该目录中的任何内容吗?

Also as the error is reporting that it doesn't like the world writable directory in the path, could you remove it from the path, and use a prefix to access anything in that directory?

编辑...另一个想法是使用类似...的过滤器来过滤ruby脚本的输出.

EDIT... Another idea is to filter the output of your ruby script with something like...

> ruby ... | egrep -v "warning: Insecure world writable dir"

这将打印除特定警告以外的任何输出(-v).

That would print any output other (the -v) than the specific warning.

无论该警告是安全警告，在您的路径中都具有可写世界目录是一个坏主意，因为任何人都可以在其中放置恶意脚本或可执行文件.而且，拥有一个已挂载的bin目录同样很糟糕，尤其是您在PATH中无法控制的目录.在这种情况下，问题与目录是否可写无关，这是因为PATH中存在一个外部目录.

However the warning is a security warning, it is a bad idea to have a world writable directory in your path as anyone can put a malicious script or executable in there. And it is equally bad to have a mounted bin directory especially one you have no control over in your PATH. In this case the issue has nothing to do with whether the directory is writable or not, it is the fact there is a foreign directory in your PATH.

好的做法将指示您从PATH中删除该已安装目录，并且警告将消失.如果您需要执行该目录中的内容，请显式提供脚本或可执行文件的完整路径.

Good practices would dictate that you take that mounted directory out of your PATH and the warning will go away. If you need to execute something that is in that directory, then explicitly provide the full path to the script or executable.

这实际上不是Ruby问题，而是安全问题.

This is not really a Ruby issue but a security issue.

这篇关于错误的"PATH中的不安全世界可写目录foo"运行Ruby脚本时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！