Erroneous "Insecure world writable dir foo in PATH" when running ruby script

Posted on 2024-11-02 07:10:37

When I run a ruby script, it gives me this:

[nathanb@nathanb-box ~] myscript .
/u/nathanb/bin/myscript:173: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:74: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:79: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777

This message is erroneous, because /usr/software is mounted read-only:

software:/vol/software/  on  /usr/software             type  nfs         (ro,noatime,intr,rsize=32768,wsize=32768,timeo=600,nolock,addr=10.60.132.45,nfsvers=3,proto=tcp,mountproto=udp)

And I can verify this:

[nathanb@nathanb-box /usr/software/test/bin] touch foo
touch: cannot touch `foo': Read-only file system

I believe my mount point has the correct permissions:

[nathanb@nathanb-box /usr] ls -ld /usr/software
drwxr-xr-x 27 root root 4096 2010-09-10 17:12 /usr/software

So two questions:

  • Could this legitimately be considered a bug in Ruby?
  • How do I shut this up? Is there a way to disable only this specific warning?


Comments (3)

屋檐 2024-11-09 07:10:37

We had this situation at work, and although it would be nice to just fix the permissions, that wasn't possible in our environment. Instead, I created the following wrapper script for ruby that suppresses the error.

#!/bin/bash
(ruby.orig "$@" 3>&1 1>&2 2>&3 | grep -v 'Insecure world writable dir'; exit ${PIPESTATUS[0]}) 3>&1 1>&2 2>&3

Just rename the ruby executable to ruby.orig and drop this script into the ruby bin directory in its place.

See this excellent explanation for how this works.


Another fix for this issue (which avoids the wrapper script) is to compile Ruby with CPPFLAGS="-D ENABLE_PATH_CHECK=0" set when you run ./configure.

梦行七里 2024-11-09 07:10:37

You could shut off all warnings with

> ruby -W0 ...

But that may hide other issues. And you did say you want only that specific warning hidden, and I don't think there is a way to do it other than fix the issue, which I think is due to the NFS mount not properly relaying the actual mask. I see this when I mount a non-Linux server on Linux with NFS.

Like a snao server or something that does not support unix style attributes.

Also as the error is reporting that it doesn't like the world writable directory in the path, could you remove it from the path, and use a prefix to access anything in that directory?

EDIT...
Another idea is to filter the output of your ruby script with something like...

> ruby ... | egrep -v "warning: Insecure world writable dir"

That would print any output other (the -v) than the specific warning.

However, the warning is a security warning: it is a bad idea to have a world writable directory in your path, as anyone can put a malicious script or executable in there. And it is equally bad to have a mounted bin directory, especially one you have no control over, in your PATH. In this case the issue has nothing to do with whether the directory is writable or not; it is the fact there is a foreign directory in your PATH.

Good practices would dictate that you take that mounted directory out of your PATH and the warning will go away. If you need to execute something that is in that directory, then explicitly provide the full path to the script or executable.

This is not really a Ruby issue but a security issue.
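The warning text carries the directory's stat mode (043777), so a PATH audit can look at the same mode bits. The following is an added Ruby example, not part of the answer above and not Ruby's own check; the helper names `world_writable_path_dirs` and `path_without` are hypothetical, and the demo directories are constructed in a temporary directory.

```ruby
require "tmpdir"

S_IWOTH = 0o002   # "other" write bit: any user may create files in the directory
S_ISVTX = 0o1000  # sticky bit

# Hypothetical helper: list PATH entries whose stat mode is world-writable.
# Only mode bits are inspected, so a read-only mount does not change the result.
def world_writable_path_dirs(path = ENV.fetch("PATH", ""))
  path.split(File::PATH_SEPARATOR).reject(&:empty?).uniq.filter_map do |dir|
    st = File.stat(dir) if File.exist?(dir)
    next unless st&.directory? && (st.mode & S_IWOTH) != 0
    { dir: dir, mode: format("0%o", st.mode), sticky: (st.mode & S_ISVTX) != 0 }
  end
end

# Hypothetical helper: the same PATH string with the flagged directories removed.
def path_without(path, flagged)
  bad = flagged.map { |f| f[:dir] }
  path.split(File::PATH_SEPARATOR).reject { |d| bad.include?(d) }.join(File::PATH_SEPARATOR)
end

# Constructed demo: one 0755 directory and one 01777 directory on a sample PATH.
def demo
  Dir.mktmpdir do |root|
    safe_dir = File.join(root, "safe_bin")
    open_dir = File.join(root, "open_bin")
    [safe_dir, open_dir].each { |d| Dir.mkdir(d) }
    File.chmod(0o755, safe_dir)
    File.chmod(0o1777, open_dir)
    path = [safe_dir, open_dir].join(File::PATH_SEPARATOR)
    flagged = world_writable_path_dirs(path)
    { flagged: flagged, cleaned: path_without(path, flagged), safe: safe_dir, open: open_dir }
  end
end

# Run directly to audit the current PATH.
if $PROGRAM_NAME == __FILE__
  world_writable_path_dirs.each { |f| puts "#{f[:mode]} #{f[:dir]}#{' (sticky)' if f[:sticky]}" }
end
```

Run against the real PATH, it prints each flagged directory with its octal mode, which can be compared with the mode shown in the warning.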

深空失忆 2024-11-09 07:10:37

You can write a method that will suppress the warnings

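def suppress_warnings
  original_verbosity = $VERBOSE
  $VERBOSE = nil          # nil silences warnings
  yield                   # the block's value is the method's return value
ensure
  # restore the previous level even if the block raises
  $VERBOSE = original_verbosity
end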

In irb

irb(main):001:0> def suppress_warnings
irb(main):002:1>   original_verbosity = $VERBOSE
irb(main):003:1>   $VERBOSE = nil
irb(main):004:1>   result = yield
irb(main):005:1>   $VERBOSE = original_verbosity
irb(main):006:1>   return result
irb(main):007:1> end
=> nil
irb(main):008:0> Y = :foo
=> :foo
irb(main):009:0> Y = :bar
(irb):9: warning: already initialized constant Y
=> :bar
irb(main):010:0> suppress_warnings { Y = :foo }
=> :foo
irb(main):011:0> 

Of course, you'll have to know where the warning is coming from and wrap it in a method.
