One gem we install has a few world-writable files.
Thankfully, none of them are actually loaded while running CC, as far as I can tell, but this was flagged by a scanner as a potential security issue.
See this issue for more info: https://github.com/rdp/os/issues/44. It appears to have been unintentional, so if this can happen accidentally we'd like to prevent it in the future.
[x] I have viewed signed and have submitted the Contributor License Agreement
[x] I have made this pull request to the develop branch
One gem we install has a few world-writable files.
Thankfully, none of them are actually loaded while running CC, as far as I can tell, but this was flagged by a scanner as a potential security issue.
See this issue for more info: https://github.com/rdp/os/issues/44. It appears to have been unintentional, so if this can happen accidentally we'd like to prevent it in the future.
[x] I have viewed signed and have submitted the Contributor License Agreement
[x] I have made this pull request to the
developbranch[ ] I have run CF Acceptance Tests on bosh lite