Skip to content

0.0.2 gem contains files with 0600 modes #6

New issue
New issue
Closed
Closed
0.0.2 gem contains files with 0600 modes#6
@richardc

Description

@richardc
richardc
opened on Mar 27, 2018
$ curl -sO https://rubygems.org/downloads/omniauth-jwt-0.0.2.gem

$ gem unpack omniauth-jwt-0.0.2.gem
Unpacked gem: '/Users/richardc/src/omniauth-jwt-0.0.2'

$ find omniauth-jwt-0.0.2 -ls
8600003236        0 drwxr-xr-x   13 richardc         staff                 416 27 Mar 18:01 omniauth-jwt-0.0.2
8600003241        8 -rw-r--r--    1 richardc         staff                 236 27 Mar 18:01 omniauth-jwt-0.0.2/Guardfile
8600003238        8 -rw-rw-r--    1 richardc         staff                  26 27 Mar 18:01 omniauth-jwt-0.0.2/.rspec
8600003253        0 drwxr-xr-x    4 richardc         staff                 128 27 Mar 18:01 omniauth-jwt-0.0.2/spec
8600003258        8 -rw-rw-r--    1 richardc         staff                 906 27 Mar 18:01 omniauth-jwt-0.0.2/spec/spec_helper.rb
8600003254        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/spec/lib
8600003255        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/spec/lib/omniauth
8600003256        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/spec/lib/omniauth/strategies
8600003257        8 -rw-------    1 richardc         staff                2423 27 Mar 18:01 omniauth-jwt-0.0.2/spec/lib/omniauth/strategies/jwt_spec.rb
8600003243        8 -rw-rw-r--    1 richardc         staff                3211 27 Mar 18:01 omniauth-jwt-0.0.2/README.md
8600003244        8 -rw-rw-r--    1 richardc         staff                 109 27 Mar 18:01 omniauth-jwt-0.0.2/Rakefile
8600003237        8 -rw-rw-r--    1 richardc         staff                 154 27 Mar 18:01 omniauth-jwt-0.0.2/.gitignore
8600003245        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/lib
8600003246        0 drwxr-xr-x    5 richardc         staff                 160 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth
8600003248        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth/jwt
8600003249        8 -rw-rw-r--    1 richardc         staff                  61 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth/jwt/version.rb
8600003247        8 -rw-rw-r--    1 richardc         staff                  64 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth/jwt.rb
8600003250        0 drwxr-xr-x    3 richardc         staff                  96 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth/strategies
8600003251        8 -rw-------    1 richardc         staff                1552 27 Mar 18:01 omniauth-jwt-0.0.2/lib/omniauth/strategies/jwt.rb
8600003240        8 -rw-rw-r--    1 richardc         staff                  97 27 Mar 18:01 omniauth-jwt-0.0.2/Gemfile
8600003242        8 -rw-rw-r--    1 richardc         staff                1071 27 Mar 18:01 omniauth-jwt-0.0.2/LICENSE.txt
8600003239        8 -rw-rw-r--    1 richardc         staff                  63 27 Mar 18:01 omniauth-jwt-0.0.2/.travis.yml
8600003252        8 -rw-rw-r--    1 richardc         staff                1188 27 Mar 18:01 omniauth-jwt-0.0.2/omniauth-jwt.gemspec

The problematic file there is omniauth-jwt-0.0.2/lib/omniauth/strategies/jwt.rb. It's 0600 which means if I install it as a system gem only the user who installed it can use it.

Could you ship a 0.0.3 with that permission corrected? Thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions