First, thank you for your work on this gem!
It seems version 0.2.6 installs a number of files as world writable. This is bad security practice and is causing one of our server hardening checks which searches for world writable files to fail.
These permissions are not part of the git repo so I'm guessing this is happening during gem packaging somehow.
Steps to reproduce
$ wget https://rubygems.org/downloads/capistrano-locally-0.2.0.gem
$ gem unpack ./capistrano-locally-0.2.6.gem
Unpacked gem: '/Users/eoinkelly/Downloads/capistrano-locally-0.2.6'
$ tree -p ./capistrano-locally-0.2.6
./capistrano-locally-0.2.6
├── [-rw-rw-rw-] Gemfile
├── [-rw-rw-rw-] LICENSE.txt
├── [-rw-r--r--] README.md
├── [-rw-rw-rw-] Rakefile
├── [drwxr-xr-x] bin
│   ├── [-rwxrwxrwx] console
│   └── [-rwxrwxrwx] setup
├── [-rw-r--r--] capistrano-locally.gemspec
└── [drwxr-xr-x] lib
    └── [drwxr-xr-x] capistrano
        ├── [drwxr-xr-x] locally
        │   └── [-rw-rw-rw-] version.rb
        └── [-rw-r--r--] locally.rb

4 directories, 9 files
Notice that the following files are world writable:
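The same world-writable check can be run against the packaged `.gem` itself, before anything is unpacked on a server. This is an added example, not part of the original issue or the project's code: it reads the file modes from the tar headers inside the package using RubyGems' `Gem::Package::TarReader`. The sample archive is constructed in memory to mirror part of the `tree -p` listing, and the helper names are hypothetical.

```ruby
require "rubygems/package"
require "stringio"
require "zlib"

# Constructed sample modes, mirroring part of the `tree -p` listing in the report.
SAMPLE_MODES = {
  "Gemfile" => 0o666,
  "README.md" => 0o644,
  "bin/console" => 0o777,
  "lib/capistrano/locally.rb" => 0o644,
  "lib/capistrano/locally/version.rb" => 0o666,
}.freeze

# Builds a minimal .gem-shaped archive in memory: an outer tar holding data.tar.gz.
# (A real gem also carries metadata.gz and checksums; omitted in this sample.)
def build_sample_gem(modes)
  data = StringIO.new("".b)
  gz = Zlib::GzipWriter.new(data)
  Gem::Package::TarWriter.new(gz) do |tar|
    modes.each { |path, mode| tar.add_file_simple(path, mode, 0) { |_io| } }
  end
  gz.finish
  outer = StringIO.new("".b)
  Gem::Package::TarWriter.new(outer) do |tar|
    tar.add_file_simple("data.tar.gz", 0o444, data.string.bytesize) { |io| io.write(data.string) }
  end
  outer.string
end

# Returns [path, octal mode] for each packaged entry with the "other" write bit set.
# Modes are read from the tar headers inside data.tar.gz, not from an unpacked tree.
def world_writable_entries(gem_bytes)
  flagged = []
  Gem::Package::TarReader.new(StringIO.new(gem_bytes)) do |outer|
    outer.each do |entry|
      next unless entry.full_name == "data.tar.gz"
      inner_io = Zlib::GzipReader.new(StringIO.new(entry.read))
      Gem::Package::TarReader.new(inner_io) do |inner|
        inner.each do |file|
          mode = file.header.mode & 0o7777
          flagged << [file.full_name, format("%04o", mode)] if (mode & 0o002) != 0
        end
      end
    end
  end
  flagged
end

if __FILE__ == $PROGRAM_NAME
  world_writable_entries(build_sample_gem(SAMPLE_MODES)).each { |path, mode| puts "#{mode} #{path}" }
end
```

To scan a downloaded package instead of the sample, pass `File.binread("path/to/file.gem")` to `world_writable_entries`.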