[cvsspam-devel] Ruby with CVS and Ext/Ssh protocol and worldwritable /tmp dir

[David Holroyd]

On Tue, Nov 28, 2006 at 05:41:33PM -0700, McCullough, Ryan wrote:
> T rmccullough at bighorn:/{7}>ruby --version
> ruby 1.8.3 (2005-09-21) [i686-linux]
> 
> I don't remember if it fails or succeeds. I think it sends an email
> for each individual file in the check-in.

I think that the warnings are benign (though annoying).  Their
appearence should not effect the operation of CVSspam.

Googling for that message, I've seen suggestions that the warning may
not be produced in later releases of Ruby (the discussions are from
around September 2006, so I don't know if a Ruby release with this fix
is available yet).

It may be possible to silence the warning with your current Ruby install
by doing some shell-scripting to remove '.' from the path just before the
hook-script is invoked.  I'm not too sure though.  Maybe something like,

^ PATH=/bin:/usr/bin /path/to/cvsspam.rb ...

??

I know that on most systems I use, '.' isn't in the path though, and if
your system is the same, the above would make no difference :(


> > In S:\sqabas32_ie7: "C:\Program Files\TortoiseCVS\cvs.exe" -q commit 
> > -m "fix failing commit through ssh" TestAstrobot.rec 
> > CVSROOT=:ext:********@********:/home/cvs
> >  
> > Checking in TestAstrobot.rec;
> > /home/cvs/repo/rational/robot/sqabas32/TestAstrobot.rec,v  <-- 
> > TestAstrobot.rec new revision: 1.1.2.5; previous revision: 1.1.2.4 
> > done
> > /usr/local/lib/cvsspam/collect_diffs.rb:65: warning: Insecure world 
> > writable dir /tmp, mode 040777
> > /usr/local/lib/cvsspam/collect_diffs.rb:65: warning: Insecure world 
> > writable dir /tmp, mode 040777
> > /usr/local/lib/cvsspam/collect_diffs.rb:314: warning: Insecure world 
> > writable dir /tmp, mode 040777
> > /usr/local/lib/cvsspam/cvsspam.rb:1820: warning: Insecure world 
> > writable dir /tmp, mode 040777
> >  
> > Success, CVS operation completed



ta,
dave