Skip to content

chmod permissions in a currently published gem are wrong #8

New issue
New issue
Open
Open
chmod permissions in a currently published gem are wrong#8
@hmdne

Description

@hmdne
hmdne
opened on May 23, 2021

The currently published gem has the following file permissions:

[user@localhost paggio]$ tar -tvf data.tar.gz
-rw------- wheel/wheel     116 2015-12-11 19:40 .travis.yml
-rw------- wheel/wheel      62 2015-12-11 19:40 Gemfile
-rw------- wheel/wheel     416 2015-12-11 19:40 Gemfile.lock
-rw------- wheel/wheel    3246 2015-12-11 19:40 README.md
-rw------- wheel/wheel     179 2015-12-11 19:40 Rakefile
-rw------- wheel/wheel     877 2015-12-11 19:40 lib/paggio.rb
-rw------- wheel/wheel    2351 2015-12-11 19:40 lib/paggio/css.rb
-rw------- wheel/wheel    1016 2015-12-11 19:40 lib/paggio/css/animation.rb
-rw------- wheel/wheel     725 2015-12-11 19:40 lib/paggio/css/color.rb
-rw------- wheel/wheel    7392 2015-12-11 19:40 lib/paggio/css/definition.rb
-rw------- wheel/wheel     576 2015-12-11 19:40 lib/paggio/css/font.rb
-rw------- wheel/wheel     604 2015-12-11 19:40 lib/paggio/css/rule.rb
-rw------- wheel/wheel    4184 2015-12-11 19:40 lib/paggio/css/unit.rb
-rw------- wheel/wheel    4201 2015-12-11 19:40 lib/paggio/formatter.rb
-rw------- wheel/wheel    1824 2015-12-11 19:40 lib/paggio/html.rb
-rw------- wheel/wheel    2611 2015-12-11 19:40 lib/paggio/html/element.rb
-rw------- wheel/wheel     781 2015-12-11 19:40 lib/paggio/html/element/a.rb
-rw------- wheel/wheel     555 2015-12-11 19:40 lib/paggio/html/element/base.rb
-rw------- wheel/wheel     469 2015-12-11 19:40 lib/paggio/html/element/blockquote.rb
-rw------- wheel/wheel     733 2015-12-11 19:40 lib/paggio/html/element/button.rb
-rw------- wheel/wheel     541 2015-12-11 19:40 lib/paggio/html/element/canvas.rb
-rw------- wheel/wheel     554 2015-12-11 19:40 lib/paggio/html/element/embed.rb
-rw------- wheel/wheel     695 2015-12-11 19:40 lib/paggio/html/element/img.rb
-rw------- wheel/wheel     715 2015-12-11 19:40 lib/paggio/html/element/input.rb
-rw------- wheel/wheel     368 2015-12-11 19:40 lib/paggio/html/element/link.rb
-rw------- wheel/wheel     588 2015-12-11 19:40 lib/paggio/html/element/object.rb
-rw------- wheel/wheel     548 2015-12-11 19:40 lib/paggio/html/element/optgroup.rb
-rw------- wheel/wheel     546 2015-12-11 19:40 lib/paggio/html/element/option.rb
-rw------- wheel/wheel     586 2015-12-11 19:40 lib/paggio/html/element/select.rb
-rw------- wheel/wheel     624 2015-12-11 19:40 lib/paggio/html/element/td.rb
-rw------- wheel/wheel     659 2015-12-11 19:40 lib/paggio/html/helpers.rb
-rw------- wheel/wheel     550 2015-12-11 19:40 lib/paggio/markdown.rb
-rw------- wheel/wheel     478 2015-12-11 19:40 lib/paggio/now.rb
-rw------- wheel/wheel     885 2015-12-11 19:40 lib/paggio/script.rb
-rw------- wheel/wheel     865 2015-12-11 19:40 lib/paggio/utils.rb
-rw------- wheel/wheel     506 2015-12-11 19:40 paggio.gemspec
-rw------- wheel/wheel    1289 2015-12-11 19:40 spec/css_spec.rb
-rw------- wheel/wheel    3496 2015-12-11 19:40 spec/html_spec.rb
[user@localhost paggio]$

Ie. 0600, which is at least non-standard. Please ensure that the next release has 0644, as this causes some unnecessary issues, because sudo gem install paggio writes those files with the specified permissions and user needs to correct those to access things to access it with an unprivileged user. (Now that I think about it, it kind of sounds like a possibly security issue for gem on multi-user systems...)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions