From: "nobu (Nobuyoshi Nakada) via ruby-core" Date: 2024-12-20T03:16:17+00:00 Subject: [ruby-core:120339] [Ruby master Feature#20971] Deprecate `rb_path_check` Issue #20971 has been updated by nobu (Nobuyoshi Nakada). I mean this warning went away since 2.7, which should be unrelated to tainted-ness. ```sh-session $ ruby2.6 -w -rtmpdir -e 'Dir.mktmpdir("", "/tmp") {|w| File.chmod(0777, w); ENV["PATH"] = w}' -e:1: warning: Insecure world writable dir /tmp/20241220-14749-10itz6k in PATH, mode 040777 ``` ---------------------------------------- Feature #20971: Deprecate `rb_path_check` https://bugs.ruby-lang.org/issues/20971#change-111113 * Author: Earlopain (Earlopain _) * Status: Open ---------------------------------------- With #16131, various code around $SAFE, taint, etc. has been deprecated and removed. GH PR https://github.com/ruby/ruby/pull/2476. Now, [`rb_path_check`] still exists as part of the public API, with Ruby itself never using or testing it. I believe it should have been deprecated and was simply missed. Should it be deprecated today or is that not worth the effort? Docs for it are pretty vague: https://github.com/ruby/ruby/blob/33f95d632dce42fac35da29eaed33f0a5a4f0dcb/include/ruby/internal/intern/hash.h#L289-L297 > This function is mysterious. What it does is not immediately obvious. Also what it does seems platform dependent. [`rb_path_check`]: https://github.com/ruby/ruby/blob/33f95d632dce42fac35da29eaed33f0a5a4f0dcb/file.c#L6427 -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/