On Fri, 24 Mar 2006, Ryan Davis wrote: > > On Mar 23, 2006, at 7:24 PM, ara.t.howard / noaa.gov wrote: > >> i'm just about to write a server which sends 1-3gb images as the >> response... >> this could be quite useful. >> >> one gripe. it doesn't work: >> >> /home/ahoward is insecure (40777), needs 0700 for perms. Exiting >> >> i work in a collaborative lab... all our home dirs are group readable by >> default. any way to adjust this? an env var perhaps? seems like this >> should >> just warn. > > Your home dir is world and group writable, not just group readable. There is > a big big big difference between those two. There is no way I'm going to let > it just warn in that case. However, you do point out that the error message > poor. I've changed the error message to: > > "#{path} is insecure (#{'%o' % mode}). It may not be group or world > writable. Exiting." i totally understand what you are saying. however i dont' see why a ruby lib should be more secure that ruby itself: fortytwo :/tmp > ls -ltar /|grep tmp drwxrwxrwt 21 root root 815104 Mar 24 07:41 tmp fortytwo :/tmp > echo 'puts 42' > a.rb fortytwo :/tmp > chmod 777 a.rb fortytwo :/tmp > ruby -W2 -e' $SAFE = 0; load "a.rb"' 42 it sure seems fine loading world writable files from world writable directories... unless you set $SAFE above the default: fortytwo :/tmp > ruby -W2 -e' $SAFE = 1; load "a.rb"' -e:1: warning: Insecure world writable dir /usr/local, mode 040777 -e:1:in `load': loading from unsafe path /usr/local/ruby-1.8.4/lib/ruby/site_ruby/1.8:/usr/local/ruby-1.8.4/lib/ruby/site_ruby/1.8/i686-linux:/usr/local/ruby-1.8.4/lib/ruby/site_ruby:/usr/local/ruby-1.8.4/lib/ruby/1.8:/usr/local/ruby-1.8.4/lib/ruby/1.8/i686-linux:. (SecurityError) from -e:1 this seems sufficient and allows stupid people like me to shoot their own foot off if they choose. does RubyInline really need more that this : do nothing unless not $SAFE.nil? and $SAFE > 0? regards. -a -- share your knowledge. it's a way to achieve immortality. - h.h. the 14th dali lama