Ruby 1.9.3 testing repository

Vít Ondruch vondruch at redhat.com
Mon Dec 19 15:17:23 UTC 2011


On 19.12.2011 15:48, TASAKA Mamoru wrote:
> Hello:
>
> Bohuslav Kabrda wrote, at 12/19/2011 06:06 PM +9:00:
>>>> - Installed gems are now divided into different directories. Gems
>>>>   installed by a regular user go into his/her home directory,
>>>>   gems installed by root go to the /usr/local/ directory, while the
>>>>   gems installed by RPM will go into the /usr directory.
>>>
>>> I don't think this behavior is right. If gems installed by regular users
>>> go under their home directory, so should be on root because root is one
>>> of the users and we should prevent root's installing gems under root's
>>> home directory.
>>>
>>
>> I don't quite understand what you are saying - in one sentence you say that
>> we should install gems in root's home because root is just another user, and
>> then you say that we should prevent it. Personally, I think Vit's proposed
>> behaviour is right, as root is not (should not be) used for
>> development/running applications and therefore there is no need for a gem
>> directory in his home. At the same time, root should be able to install
>> non-rpm gems if he wants to make their new/unpackaged versions available
>> system-wide.
>
> Note this: https://bugzilla.redhat.com/show_bug.cgi?id=513048#c9
> (CVE-2007-0469, still open)
>
> (Although I left some comments that I don't agree on that bug) the security
> responsible team complains about the _default_ behavior of installing
> system-wide even with root. (Again, although I left some comments that I
> don't agree with this) I think changing the _default_ behavior between root
> and normal users just introduces unneeded confusion.

Let me rephrase what I said:

"If you are logged in as root and do "# gem install foo", the gem is
going to be installed into the /usr/local directory."

That means it does not conflict with any gems installed by RPM nor with
any other stuff installed by RPM.


Vit


More information about the ruby-sig mailing list