Do not hard-code permissions for new gem directories during bundle install#9557
Open
maxfelsher-cgi wants to merge 1 commit into
Open
Do not hard-code permissions for new gem directories during bundle install#9557maxfelsher-cgi wants to merge 1 commit into
maxfelsher-cgi wants to merge 1 commit into
Conversation
…stall This hard-coding was overriding umask and setgid settings, making it very difficult to manage gem installations through a shared group. In addition, it differs from the behavior of `gem install`. The hard-coding was originally added in 79386f4 as part of an unrelated reimplementation of `Bundler::RubyGemsGemInstaller#install`, but it looks like the logic on the corresponding line of `Gem::Installer#install` might have been misinterpreted, as that line only sets the `mode` argument if `options[:dir_mode]` is set.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What was the end-user or developer problem that led to this PR?
This fixes #9395. Without this change, when running
bundle install, any newly created gem directory has permissionsrwxr-xr-xregardless ofumasksettings and regardless of the set-group-ID bit of the parent directory. This makes it much harder to remove gems in a multi-user environment (for example, where different developers have conducted deployments). It also differs from the behavior ofgem install ..., which does respect the umask and the set-group-ID bit.What is your fix for the problem, implemented in this PR?
The
mode: 0o755argument was removed from theFileUtils.mkdir_pcall that creates the new directory for the gem being installed. This avoids setting specific permissions and lets the system's default permission handling (such as umask and set-group-ID bits) function.The hard-coding was originally set up in 79386f4 as part of what appeared to be an unrelated reimplementation of
Bundler::RubyGemsGemInstaller#install. Previous to that commit, Bundler::RubyGemsGemInstaller was using the implementation in the parent class,GemInstaller#install. In the commit, the implementation from GemInstaller was copied and then modified to fit Bundler's needs, removing code that wasn't necessary for Bundler. However, I believe a mistake was made during that modification. In the GemInstaller implementation, the relevant lines looked like this:rubygems/lib/rubygems/installer.rb
Lines 303 to 304 in 79386f4
In that case, if
options[:dir_mode]was nil, then the resulting call wasFileUtils.mkdir_p gem_dir, :mode => nil, which was equivalent toFileUtils.mkdir_p gem_dir. Ifoptions[:dir_mode]was truthy, then the call wasFileUtils.mkdir_p gem_dir, :mode => 0755. (Note that there was a line further down that ranFile.chmod(dir_mode, gem_dir) if dir_mode.) My impression is that usuallyoptions[:dir_mode]is not set.After 79386f4, the Bundler implementation was:
rubygems/bundler/lib/bundler/rubygems_gem_installer.rb
Line 22 in 79386f4
This made it so that the
FileUtils.mkdir_pcall always set themodeparameter, instead of hardly ever. I suspect that the codedir_mode && 0755(using the short-circuiting operator) may have been misread asdir_mode & 0755(using the bitwise AND method). The bitwise-AND reading was how I read the code at first glance, and it would make sense that such an interpretation would lead someone to change the code to simply0755when removingdir_mode.There have been some updates to both implementations since 79386f4, but nothing that affects the reasoning above. I saw no mentions of the permissions change in the commit message or associated pull request, and given that
gem installcontinues to have the old behavior, I believe the change was unintentional. It is much more complicated to fix the permissions after the fact without invoking superuser privileges, so I think the right place to make the adjustment is here, where the files are being created.Make sure the following tasks are checked