Project

General

Profile

Bug #7784

[mingw] r39055 creates test failures and functionality loss

Added by jonforums (Jon Forums) over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
drbrain (Eric Hodel)
Target version:
2.0.0
ruby -v:
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]
Backport:
2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
[ruby-core:51864]

Description

The r39055 patch for rubygems security (lib/rubygems/config_file.rb) causes 11 make test-all failures

http://ci.rubyinstaller.org/job/ruby-trunk-x64-test-all/659/console

and loss of gem command functionality due to typical default windows file permissions on one's rubygems.org credentials file:

C:\>ruby --version
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]

C:\>gem --version
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

C:\>gem list
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

If you try changing the file to read-only in the gui, ruby thinks the permissions are:

>> File.stat('credentials').mode.to_s(8)[2..5]
=> "0444"

which still causes usage failures. I've removed all users/group permissions except my own (from the windows security tab gui) on win7, but the failure continues. Spelunking...

Associated revisions

Revision 39133
Added by usa (Usaku NAKAMURA) over 4 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

Revision 39133
Added by usa (Usaku NAKAMURA) over 4 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

Revision 39133
Added by usa (Usaku NAKAMURA) over 4 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

Revision 39133
Added by usa (Usaku NAKAMURA) over 4 years ago

  • test/rubygems/test_gem_config_file.rb (TestGemConfigFile#test_check_credentials_permissions): skip on Windows. see [Bug #7784] and r39070.

History

#1 [ruby-core:51865] Updated by jonforums (Jon Forums) over 4 years ago

it doesn't solve the issue, but why is the permissions check not being isolated to only gem push?

#2 [ruby-core:51873] Updated by luislavena (Luis Lavena) over 4 years ago

  • Status changed from Open to Assigned

#3 [ruby-core:51881] Updated by drbrain (Eric Hodel) over 4 years ago

  • Status changed from Assigned to Closed

Fixed by r39070 which removes the check on windows. If writing a file as 0600 works on windows someday we can reintroduce it.

Credentials are loaded when .gemrc is loaded. Changing when credentials are loaded is too risky.

#4 [ruby-core:51980] Updated by usa (Usaku NAKAMURA) over 4 years ago

  • Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

#5 [ruby-core:52007] Updated by drbrain (Eric Hodel) over 4 years ago

On Feb 7, 2013, at 04:12, "usa (Usaku NAKAMURA)" usa@garbagecollect.jp wrote:

Issue #7784 has been updated by usa (Usaku NAKAMURA).

Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

Done!

#6 [ruby-core:52229] Updated by drbrain (Eric Hodel) over 4 years ago

  • Status changed from Assigned to Closed

Also available in: Atom PDF