On Wednesday 23 July 2014, 10:15:31, Jon Hart wrote:
> I can't help you fix this problem without seeing your code, but the p=
roblem
> is pretty straight forward and the warning message is not something t=
hat
> should be taken lightly. This warning occurs when your PATH contains
> something that is world writable and your Ruby code calls something l=
ike
> system(cmd) or other method whose behavior is impacted by PATH.  If P=
ATH
> contains a world writable location and the command that you are tryin=
g to
> execute can be found in that world writable location before its legit=
imate,
> (hopefully) non-world-writable location, your ruby code will end up
> executing potentially malicious code.

Again, I guess this is a feature of zsh:

```
[eveith@kazumi:~]% irb
irb(main):001:0> system("date")
(irb):1: warning: Insecure world writable dir /tmp/foo in PATH, mode 04=
0777
Mi 23. Jul 20:09:01 CEST 2014
=3D> true
irb(main):002:0> system("/bin/bash", "date")
/usr/bin/date: /usr/bin/date: Kann die Datei nicht ausf=FChren.
=3D> false
irb(main):003:0> system("/bin/bash", "-c", "date")
Mi 23. Jul 20:09:22 CEST 2014
=3D> true
irb(main):004:0>
[eveith@kazumi:~]% /bin/bash -c "echo $PATH"
/tmp/foo:(...omitted...)
```


Cheers,
Eric