[gobolinux-users] Errors running Freshen from some directories

[Michael Homer]

On 1/30/07, Hi There <goboster at yahoo.com> wrote:
> Freshen (2.0) is giving me a bunch of errors when I
> run it from a root shell whose current directory is
> /System/Kernel/Devices but runs fine from /
"Don't do that then" is the phrase that springs to mind.
> I don't think Freshen (especially the tasks I was
> running) should be current-directory dependent.
>
> Here's the output:
>
> root at Home /System/Kernel/Devices]Freshen --info
> gfxboot
> /System/Links/Executables/Freshen:7: warning: Insecure
> world writable dir /System/Kernel/Devices/., mode
> 041777
It's ruby's doing; there's nothing I can do about it. The message
occurs if you have a world-writable directory in your PATH; in this
case, . (which really shouldn't be there anyway).

The reasoning behind it is that it's insecure and anybody could have
added executables or libraries there that could be loaded. On a
single-user system, it's unlikely to be a problem, but if anybody else
has access it's dangerous. Especially as root.

There are four workarounds:
1) `chmod o-w . ..` - but there's probably a good reason that /S/K/D
is 777 (I don't know). The .. is needed because it also checks the
parent directory's permissions; if /usr is compromised replacing
/usr/bin is just as simple.
2) Don't run it there. This might be best, since Freshen's in no way
dependent on $PWD so there's no reason to run it somewhere
problematic.
3) Somewhere ahead of /S/L/E in your path (~/bin if you have it,
/usr/local in other distros, etc) create a script as follows and chmod
755 it:
#!/bin/bash
cd
Freshen "$@"
# End script
4) Or, the best option: Take . out of your PATH. . should really never
be in PATH, especially for root.
-Michael