Insecure world writable dir /tmp in LOAD_PATH
Greetings,
I get the following failure when building latest ruby-fast-gettext
with cowbuilder:
1) FastGettext::TranslationRepository::Mo can work in SAFE mode
Failure/Error: Unable to find matching line from backtrace
expected: "true"
got: "./lib/fast_gettext/translation_repository.rb:12:
warning: Insecure world writable dir /tmp in LOAD_PATH, mode
041777\n./lib/fast_gettext/translation_repository.rb:12:in `require':
loading from unsafe file lib/fast_gettext/translation_repository/mo.rb
(SecurityError)\n\tfrom
./lib/fast_gettext/translation_repository.rb:12:in `build'\n\tfrom
spec/cases/safe_mode_can_handle_locales.rb:4\n" (using ==)
Diff:
@@ -1,2 +1,5 @@
-true
+./lib/fast_gettext/translation_repository.rb:12: warning:
Insecure world writable dir /tmp in LOAD_PATH, mode 041777
+./lib/fast_gettext/translation_repository.rb:12:in `require':
loading from unsafe file lib/fast_gettext/translation_repository/mo.rb
(SecurityError)
+ from ./lib/fast_gettext/translation_repository.rb:12:in `build'
+ from spec/cases/safe_mode_can_handle_locales.rb:4
# ./spec/fast_gettext/translation_repository/mo_spec.rb:31
As far as I understand, cowbuilder puts the whole source code tree
under /tmp, and then:
1: $LOAD_PATH.unshift 'lib'
2: require 'fast_gettext'
3: $SAFE = 1
4: rep = FastGettext::TranslationRepository.build('safe_test',:path=>File.join('spec','locale'))
At (1) a directory under /tmp is added to LOAD_PATH. This works at (2)
because we're not in the SAFE mode yet, but at (3), a dynamic require
for mo.rb triggers a warning and a SecurityError.
Can anyone suggest a way to work around this problem without defeating
the whole purpose of the test?
--
Dmitry Borodaenko
Reply to: