At Fri, 12 May 2006 14:34:05 +0200,
Marc Lehmann wrote:
>
> On Thu, May 11, 2006 at 11:03:21AM -0700, Debian Bug Tracking System <[EMAIL PROTECTED]> wrote:
> > It has been closed by one of the developers, namely
> > Fumitoshi UKAI <[EMAIL PROTECTED]>.
>
> I think that was way too fast :(
>
> > Subject: Re: Bug#335779: /usr/lib/ruby/1.8/debian.rb:77: warning: Insecure
> > world writable dir /tmp/., mode 041777
>
> > > If this indeed is a valid warning, this would probably indicate a bug, as
> > > using /tmp in an insecure way is not a problem of /tmp permissions, but of
> > > program logic.
> >
> > I think this is because of your wrong PATH settings.
>
> "." is a perfectly acceptable and valid component for $PATH.
>
> There is nothing "wrong" about it as you wrongly :) imply...

http://lists.debian.org/debian-policy/2005/03/msg00075.html

http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html
  Try to limit the command path for the root user as much as possible,
  and never include . (which means "the current directory") in your PATH.

Regards,
Fumitoshi UKAI
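
A PATH audit for the condition discussed in this message, as an added example that is not part of the original mail and is not Ruby's own check: it flags relative entries such as "." and any entry that resolves to a world-writable directory. The helper name `audit_path` and its report strings are assumptions made for illustration.

```ruby
# Added example (hypothetical helper, not code from Ruby or debian.rb).
# Returns [entry, reason] pairs for PATH entries a defender should remove.
def audit_path(path = ENV.fetch("PATH", ""), cwd = Dir.pwd)
  findings = []
  # Limit -1 keeps trailing empty fields: in "/bin:" the empty entry means cwd.
  path.split(File::PATH_SEPARATOR, -1).each do |entry|
    if entry.start_with?("/")
      dir = entry
    else
      # "." or "" or "bin": which directory is searched depends on where the
      # user happens to be standing when a command is run.
      findings << [entry, "relative entry, resolved against the current directory"]
      dir = File.expand_path(entry.empty? ? "." : entry, cwd)
    end
    next unless File.directory?(dir)

    mode = File.stat(dir).mode
    # Other-writable bit set: any local user can drop an executable here.
    # The sticky bit (as on /tmp) limits deletion, not creation.
    if (mode & 0o002) != 0
      findings << [entry, format("world-writable dir %s, mode 0%o", dir, mode)]
    end
  end
  findings
end

# Report on the caller's own environment when run as a script.
if __FILE__ == $PROGRAM_NAME
  audit_path.each { |entry, why| puts "#{entry.inspect}: #{why}" }
end
```

With "." in PATH and the working directory set to a mode-1777 directory, the second finding carries the same mode string as the warning in the bug subject.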

