defunkt / gist

Potentially the best command line gister.
http://defunkt.io/gist/
MIT License

gist printing warning with every invocation #271

Open uplime opened 7 years ago

uplime commented 7 years ago

I just installed gist, and everything is mostly working as expected, but I get a warning every time I invoke it:

    Nicholass-MacBook-Air:~ nchambers$ gist -r eead1d1f1209cc6acb62648ae075afb0
    /Users/nchambers/.rvm/gems/ruby-2.4.1/gems/gist-4.6.1/lib/gist.rb:477: warning: Insecure world writable dir /Users/nchambers/qt in PATH, mode 040777
    import hexchat

    __module_name__ = "partdetach"
    __module_version__ = "1.0"
    __module_description__ = "/part a channel when detaching from it in ZNC"

    def part(word, word_eol, userdata):
        if(len(word) < 2):
            print("no channel specified")

        hexchat.command("PART {words[1]}")
        hexchat.command("CLOSE {words[1]}")
        return hexchat.EAT_ALL

    hexchat.hook_server("PART", part)
    Nicholass-MacBook-Air:~ nchambers$

That folder is installed by QT, and I'd rather not mess with the permissions. I'm also not concerned with the permissions of that folder, as I know exactly what is in there. Is there any way to disable that warning?

ConradIrwin commented 7 years ago

@nicholas, that's very strange. Would you mind gisting the contents of /Users/nchambers/.rvm/gems/ruby-2.4.1/gems/gist-4.6.1/lib/gist.rb?

Line 477 is a blank line in my copy of that file.

Conrad

uplime commented 7 years ago

Certainly: https://gist.github.com/0dcadd1c27ab0b413006b5118d42b9d5

If it helps, I installed via gem install gist and here is my environment:

    Nicholass-MacBook-Air:~ nchambers$ rvm --version
    rvm 1.29.3 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]
    Nicholass-MacBook-Air:~ nchambers$ ruby --version
    ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
    Nicholass-MacBook-Air:~ nchambers$ gem --version
    2.6.14
    Nicholass-MacBook-Air:~ nchambers$

ConradIrwin commented 7 years ago

Ok, it looks like the which command is giving you that error.

If you run something like the following in a terminal

    $(which -p which) which

Do you see the error message?

I think its complaint is that you have a directory in your path where anyone with shell access to your machine could overwrite your binaries (sounds like a security hole, but if it's a single user machine it's probably irrelevant).

I'd happily accept a pull request that silences diagnostic output from the which command, but I also think you should check what the permissions on that directory should be.

Conrad

uplime commented 7 years ago

> Ok, it looks like the which command is giving you that error.

It might be, but I've never had which give me that error before, and I'm not sure how it would be aware of the ruby file. If I modify the file to silence which completely, it still prints the error.

> If you run something like the following in a terminal
>
>     $(which -p which) which
>
> Do you see the error message?

My which doesn't have a -p, but if I try it without the -p I don't get an error.

> I think its complaint is that you have a directory in your path where anyone with shell access to your machine could overwrite your binaries (sounds like a security hole, but if it's a single user machine it's probably irrelevant).

That is my guess as well. I'm not overly concerned, since it is just my own personal macbook and not a (production) server. Those are the default permissions that QT ~created~ used for the folder, so I'd rather not modify them if that is possible.

uplime commented 7 years ago

Also, incidentally, I can't find that warning in which's code anywhere: https://opensource.apple.com/source/shell_cmds/shell_cmds-149/which/which.c.auto.html

ConradIrwin commented 7 years ago

Very peculiar... The other thing to try would be from a pry session running: system("which #{cmd} > /dev/null 2>&1") and see what you get.

Could be to do with the which builtin on the shell that ruby uses by default. (This could also be a red herring, it just seems like the most likely culprit if you're seeing the problem in the which method).

uplime commented 7 years ago

Thank you for the suggestion. I will definitely try that. I'm unfamiliar with pry (beyond the fact that it is a debugger). Do I just gem install pry and pry gist whatever?

uplime commented 7 years ago

So I figured out how to use pry:

    Nicholass-MacBook-Air:gist-4.6.1 nchambers$ pwd
    /Users/nchambers/.rvm/gems/ruby-2.4.1/gems/gist-4.6.1
    Nicholass-MacBook-Air:gist-4.6.1 nchambers$ pry
    [1] pry(main)> require './lib/gist'
    /Users/nchambers/.rvm/gems/ruby-2.4.1/gems/pry-0.11.3/lib/pry/pager.rb:144: warning: Insecure world writable dir /Users/nchambers/qt in PATH, mode 040777
    => true
    [2] pry(main)> Gist.which('clear')
    => true
    [3] pry(main)>
    Nicholass-MacBook-Air:gist-4.6.1 nchambers$

So if I'm understanding this correctly, it looks like require is the culprit?

ConradIrwin commented 7 years ago

It looks like pry includes a call to system("which ") on line 144 of the pager. I wonder if it's the first call to system in a given ruby process that does it...

uplime commented 7 years ago

Interesting... I'll dig deeper into that and get back to you. Thanks for the help, even though it's looking like the problem isn't with gist!
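
Added example, not part of the thread and not gist's own code: a Ruby function that lists the world-writable directories reachable through PATH, which is the condition the warning above reports (mode 040777). It is a simplified audit rather than a reproduction of the interpreter's own check, and the name `world_writable_path_dirs` is hypothetical.

```ruby
# Simplified PATH audit (added example; not Ruby's internal check).
# Walks every PATH entry and its ancestor directories and reports the
# ones that carry the "other write" bit. The sticky bit is reported
# separately because it restricts deletion and renaming by other users,
# as on /tmp.
WORLD_WRITABLE = 0o002
STICKY         = 0o1000

def world_writable_path_dirs(path = ENV.fetch("PATH", ""))
  findings = []
  seen = {}
  path.split(File::PATH_SEPARATOR).each do |entry|
    next if entry.empty?                 # empty entry means "current directory"
    dir = File.expand_path(entry)
    loop do
      unless seen[dir]
        seen[dir] = true
        st = File.stat(dir) rescue nil   # skip missing or unreadable entries
        if st&.directory? && (st.mode & WORLD_WRITABLE) != 0
          findings << { dir: dir, path_entry: entry,
                        mode: format("%06o", st.mode),
                        sticky: (st.mode & STICKY) != 0 }
        end
      end
      parent = File.dirname(dir)
      break if parent == dir             # reached the filesystem root
      dir = parent
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Audit the PATH of the current process and print one line per finding.
  world_writable_path_dirs.each do |f|
    note = f[:sticky] ? " (sticky bit set)" : ""
    puts "world-writable: #{f[:dir]} mode #{f[:mode]}#{note} " \
         "(via PATH entry #{f[:path_entry]})"
  end
end
```

A directory whose other-write bit has been removed (for example with `chmod o-w`) drops out of the result.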