travis-cookbooks icon indicating copy to clipboard operation
travis-cookbooks copied to clipboard

Published 20 hours ago verified publisher icon travis-ci

New warning in build logs: Insecure world writable dir /usr/local/clang-5.0.0/bin

Open bogdanap opened this issue 8 years ago • 3 comments

I've noticed that there's a new warning that appears in recent build-logs (probably after https://github.com/travis-ci/travis-cookbooks/pull/890 was merged):

/home/travis/filter.rb:43: warning: Insecure world writable dir /usr/local/clang-5.0.0/bin in PATH, mode 040777

Example build: https://travis-ci.org/travis-infrastructure/packer-build/jobs/299997045#L6

bogdanap avatar Nov 10 '17 14:11 bogdanap

Also reported here: https://github.com/travis-ci/travis-ci/issues/8645

bogdanap avatar Nov 20 '17 16:11 bogdanap

As I commented in https://github.com/travis-ci/travis-ci/issues/8892#issuecomment-351416236, the issue here is that the clang 5.0.0 archive is faulty. While https://github.com/travis-ci/travis-build/pull/1272 provides a run-time fix, it would be a good idea to ensure that components added to $PATH in the cookbooks are not world-writable.

BanzaiMan avatar Dec 13 '17 20:12 BanzaiMan

Would you mind checking if this issue is solved with the PR #970? The permissions in the clang 5.0.1 archive file seems to be more restrictive compared to the version 5.0.0.

scribam avatar Feb 24 '18 15:02 scribam