Issue #4930 has been updated by Yui NARUSE.


I confirmed this on FreeBSD...
----------------------------------------
Bug #4930: $prefix/lib/ruby/gems and its subdirs are world writable
http://redmine.ruby-lang.org/issues/4930

Author: Sakuro OZAWA
Status: Assigned
Priority: Normal
Assignee: Ryan Davis
Category: 
Target version: 
ruby -v: ruby 1.9.3dev (2011-06-26 trunk 32231) [x86_64-darwin10.8.0]


=begin
 $ sudo rm -rf /usr/local/lib/ruby
 $ umask
 022
 $ sudo sh -c umask
 0022
 $ sudo make install-nodoc
 ./miniruby -I../lib -I. -I.ext/common  ../tool/rbinstall.rb --make="make" --dest-dir="" --extout=".ext" --mflags="" --make-flags="" --data-mode=0644 --prog-mode=0755 --installed-list .installed.list --mantype="doc"
 installing binary commands:   /usr/local/bin
 installing base libraries:    /usr/local/lib
 <snip>
 installing default gems:      /usr/local/lib/ruby/gems/1.9.1 (cache, doc, gems, specifications)
 rake 0.9.2
 rdoc 3.7
 minitest 2.2.2
 json 1.5.0
=end

Now let's examine permissions.

=begin
 $ ls -l /usr/local/lib/ruby
 total 0
 drwxr-xr-x 112 root wheel 3808 2011-06-26 18:31 1.9.1
 drwxrwxrwx   3 root wheel  102 2011-06-26 18:31 gems
 drwxr-xr-x   3 root wheel  102 2011-06-26 18:31 site_ruby
 drwxr-xr-x   3 root wheel  102 2011-06-26 18:31 vendor_ruby
 $ gfind /usr/local/lib/ruby -type d -perm /022
 /usr/local/lib/ruby/gems
 /usr/local/lib/ruby/gems/1.9.1
 /usr/local/lib/ruby/gems/1.9.1/cache
 /usr/local/lib/ruby/gems/1.9.1/doc
 /usr/local/lib/ruby/gems/1.9.1/gems
 /usr/local/lib/ruby/gems/1.9.1/specifications
=end

I don't think these directories should be writable by anyone.



-- 
http://redmine.ruby-lang.org