Bug #7784

[mingw] r39055 creates test failures and functionality loss

Added by Jon Forums about 2 years ago. Updated about 2 years ago.

[ruby-core:51864]
Status:Closed
Priority:Normal
Assignee:Eric Hodel
ruby -v:ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32] Backport:

Description

The r39055 patch for rubygems security (lib/rubygems/config_file.rb) causes 11 make test-all failures

http://ci.rubyinstaller.org/job/ruby-trunk-x64-test-all/659/console

and loss of gem command functionality due to typical default windows file permissions on one's rubygems.org credentials file:

C:\>ruby --version
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]

C:\>gem --version
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

C:\>gem list
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

If you try changing the file to read-only in the gui, ruby thinks the permissions are:

>> File.stat('credentials').mode.to_s(8)[2..5]
=> "0444"

which still causes usage failures. I've removed all users/group permissions except my own (from the windows security tab gui) on win7, but the failure continues. Spelunking...

Associated revisions

Revision 39133
Added by Usaku NAKAMURA about 2 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

Revision 39133
Added by Usaku NAKAMURA about 2 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

History

#1 Updated by Jon Forums about 2 years ago

it doesn't solve the issue, but why is the permissions check not being isolated to only gem push?

#2 Updated by Luis Lavena about 2 years ago

  • Status changed from Open to Assigned

#3 Updated by Eric Hodel about 2 years ago

  • Status changed from Assigned to Closed

Fixed by r39070 which removes the check on windows. If writing a file as 0600 works on windows someday we can reintroduce it.

Credentials are loaded when .gemrc is loaded. Changing when credentials are loaded is too risky.

#4 Updated by Usaku NAKAMURA about 2 years ago

  • Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

#5 Updated by Eric Hodel about 2 years ago

On Feb 7, 2013, at 04:12, "usa (Usaku NAKAMURA)" usa@garbagecollect.jp wrote:

Issue #7784 has been updated by usa (Usaku NAKAMURA).

Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

Done!

#6 Updated by Eric Hodel about 2 years ago

  • Status changed from Assigned to Closed

Also available in: Atom PDF