Bug #7784

closed

[mingw] r39055 creates test failures and functionality loss

Added by jonforums (Jon Forums) about 11 years ago. Updated about 11 years ago.

Status:
Closed
Target version:
ruby -v:
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]
Backport:
[ruby-core:51864]

Description

The r39055 patch for rubygems security (lib/rubygems/config_file.rb) causes 11 make test-all failures

http://ci.rubyinstaller.org/job/ruby-trunk-x64-test-all/659/console

and loss of gem command functionality due to typical default Windows file permissions on one's rubygems.org credentials file:

C:\>ruby --version
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]

C:\>gem --version
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

C:\>gem list
ERROR:  Your gem push credentials file located at:

        C:/Users/Jon/.gem/credentials

has file permissions of 0644 but 0600 is required.

You should reset your credentials at:

        https://rubygems.org/profile/edit

if you believe they were disclosed to a third party.

If you try changing the file to read-only in the GUI, Ruby thinks the permissions are:

>> File.stat('credentials').mode.to_s(8)[2..5]
=> "0444"

which still causes usage failures. I've removed all users/group permissions except my own (from the Windows security tab GUI) on Win7, but the failure continues. Spelunking...

Updated by jonforums (Jon Forums) about 11 years ago

It doesn't solve the issue, but why is the permissions check not being isolated to only gem push?

Updated by luislavena (Luis Lavena) about 11 years ago

  • Status changed from Open to Assigned

Updated by drbrain (Eric Hodel) about 11 years ago

  • Status changed from Assigned to Closed

Fixed by r39070, which removes the check on Windows. If writing a file as 0600 works on Windows someday we can reintroduce it.

Credentials are loaded when .gemrc is loaded. Changing when credentials are loaded is too risky.
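
The check discussed in this thread, as an added Ruby example that is not part of the ticket and is not RubyGems' own code: a 0600 permission check on a credentials file that masks the file-type bits out of File.stat(...).mode and is skipped on Windows. The helper names windows_platform? and credentials_permission_problem, and the host_os pattern, are assumptions made for illustration.

```ruby
require "rbconfig"
require "tempfile"

# Hypothetical helper (an assumption, not RubyGems' API): detect native
# Windows builds such as the i386-mingw32 one in this report.
def windows_platform?(host_os = RbConfig::CONFIG["host_os"])
  !!(host_os =~ /mswin|mingw/i)
end

# Returns nil when the file is acceptable or the check does not apply,
# otherwise a message describing the problem.
def credentials_permission_problem(path, windows: windows_platform?)
  # On Windows the report shows the mode staying at 0644 or 0444 no matter
  # how the ACLs are edited, so an exact 0600 comparison can never pass.
  return nil if windows
  return nil unless File.exist?(path)

  # Mask off the file-type bits instead of slicing the octal string:
  # a regular file with mode 0644 is reported as 0100644.
  mode = File.stat(path).mode & 0o777
  return nil if mode == 0o600

  format("%s has file permissions of %04o but 0600 is required", path, mode)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a temporary file stands in for ~/.gem/credentials.
  Tempfile.create("credentials") do |f|
    File.chmod(0o644, f.path)
    puts credentials_permission_problem(f.path, windows: false).inspect
    puts credentials_permission_problem(f.path, windows: true).inspect

    File.chmod(0o600, f.path)
    puts credentials_permission_problem(f.path, windows: false).inspect
  end
end
```

Skipping the check on Windows means the mode bits give no assurance there; who can read the file is then governed by its Windows ACLs alone.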

Updated by usa (Usaku NAKAMURA) about 11 years ago

  • Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

Updated by drbrain (Eric Hodel) about 11 years ago

On Feb 7, 2013, at 04:12, "usa (Usaku NAKAMURA)" wrote:

Issue #7784 has been updated by usa (Usaku NAKAMURA).

Status changed from Closed to Assigned

Eric, please backport r39133 to rubygems trunk :)

Done!

Updated by drbrain (Eric Hodel) about 11 years ago

  • Status changed from Assigned to Closed