Projects

Ticket #28 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Framework install creates world-writeable directories.

Reported by: alloye@… Owned by: lsansonetti@…
Priority: blocker Milestone: MacRuby 0.1
Component: MacRuby Keywords:
Cc:

Description

In r67/trunk, the framework install creates world-writeable directories. This is a potential security risk. 

[MacRuby]: ls -lR /Library/Application\ Support/ | grep drwxrwxrwx
drwxrwxrwx  3 root  admin  102 Mar 11 14:32 Developer
drwxrwxrwx  3 root  admin  102 Mar 11 14:32 3.0
drwxrwxrwx  3 root  admin  102 Mar 11 14:32 Xcode
drwxrwxrwx  4 root  admin  136 Mar 11 14:32 Project Templates
drwxrwxrwx  4 root  admin  136 Mar 11 14:32 Application
drwxrwxrwx  8 root  admin  272 Mar 11 14:32 MacRuby Application
drwxrwxrwx  5 root  admin  170 Mar 11 14:32 English.lproj
drwxrwxrwx  5 root  admin  170 Mar 11 14:32 MacRubyApp.xcodeproj
drwxrwxrwx  5 root  admin  170 Mar 11 14:32 MainMenu.nib

[MacRuby]: ls -lR /Library/Frameworks/MacRuby.framework/ | grep drwxrwxrwx
drwxrwxrwx  4 root  admin  136 Mar 11 14:32 Resources
drwxrwxrwx  3 root  admin  102 Mar 11 14:32 English.lproj

[MacRuby]: ls -l /usr/local/ | grep drwxrwxrwx
drwxrwxrwx  10 root  wheel  340 Mar 11 14:32 bin

Change History

Changed 2 years ago by lsansonetti@…

Ouch!

Changed 2 years ago by lsansonetti@…

Could you check r69/trunk? I think it should be fine now, except perhaps some sub-directories in the Xcode template repository (but I can't reproduce anything bad in my environment anymore).

Changed 2 years ago by alloye@…

Starting clean with r70/trunk, I'm happy to report that /Library/Frameworks/MacRuby.framework/* and /usr/local/bin now have the expected mode. However, the Xcode templates are still a problem: 

[MacRuby]: ll -R /Library/Application\ Support/Developer/ | grep drwxrwxrwx
drwxrwxrwx  3 root  admin  102 Mar 11 16:14 Project Templates
drwxrwxrwx  3 root  admin  102 Mar 11 16:14 Application
drwxrwxrwx  7 root  admin  238 Mar 11 16:14 MacRuby Application
drwxrwxrwx  4 root  admin  136 Mar 11 16:14 English.lproj
drwxrwxrwx  4 root  admin  136 Mar 11 16:14 MacRubyApp.xcodeproj
drwxrwxrwx  4 root  admin  136 Mar 11 16:14 MainMenu.nib

Changed 2 years ago by lsansonetti@…

  • status changed from new to closed
  • resolution set to fixed

Thanks for your patience, I managed to reproduce it and now it seems really fixed in r76/trunk. 

$ ls -lR /Library/Application\ Support/Developer/ | grep drwxrwxrwx$ 
$

Changed 2 years ago by lsansonetti@…

  • milestone changed from MacRuby 1.0 to MacRuby 0.1
Note: See TracTickets for help on using tickets.