[DRE-maint] Bug#540610: rubygems: integrity violation

Michael S. Gilbert michael.s.gilbert at gmail.com
Mon Aug 10 03:58:04 UTC 2009


On Sun, 09 Aug 2009 17:01:38 +0900 Daigo Moriwaki wrote:

> Hello Michael,
> 
> Michael S. Gilbert wrote:
> >> In Debian, executables from gems install into a particular directory specific to
> >> RubyGems such as /var/lib/gems/{1.8|1.9.0}/bin instead of the system directory
> >> /usr/bin. There should be no risk that they talked about.
> >>
> >> If you think of any problems in Debian, please let me know; otherwise, please
> >> close this ticket.
> > 
> > what about installing a rogue 'ls' to '/var/lib/gems/{1.8|1.9.0}/bin'?
> > i've never used rubygems before, so i'm not sure how paths are
> > configured. would this override the system 'ls'?
> 
> I tried testgem downloaded from http://bugs.gentoo.org/show_bug.cgi?id=278566.
> 
> % sudo gem install testgem-0.0.1.gem
> Successfully installed testgem-0.0.1
> 1 gem installed
> Installing ri documentation for testgem-0.0.1...
> File not found: lib
> 
> (I think that making document files causes this error.)
> 
> % ls /var/lib/gems/1.8/bin/less
> /var/lib/gems/1.8/bin/less
> 
> 
> So, /usr/bin/less is not overwritten.
> Debian's RubyGems is patched to replace the upstream's indiscriminate default
> directory.

ok, but when you run 'less', does that run /usr/bin/less
or /var/lib/gems/1.8/bin/less?  if it is the latter, then there is
definitely a problem here.

mike
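
Which file runs when 'less' is typed depends on the order of the directories in PATH. The script below is an added example, not part of the original message or of Debian's packaging; it reports which gem-installed executables would win the lookup over a same-named file later in PATH. The function names are hypothetical, and the sample tree is constructed under a temporary directory that mirrors the /usr/bin and /var/lib/gems/1.8/bin paths from the thread.

```shell
#!/bin/sh
# Print every executable named $1 found in the PATH-style string $2, in lookup
# order. The first line printed is the file the shell would run.
resolve_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for dir in $2; do
        [ -n "$dir" ] || dir=.  # an empty PATH entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
    set +f
    IFS=$old_ifs
}

# For each executable in gem bin directory $1, report it when it is the first
# match in PATH string $2 and a same-named file exists in a later directory.
# Assumption: $1 is spelled exactly as it appears in $2.
shadowed_by() {
    gembin=$1
    for f in "$gembin"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        hits=$(resolve_in_path "$name" "$2")
        first=$(printf '%s\n' "$hits" | sed -n 1p)
        second=$(printf '%s\n' "$hits" | sed -n 2p)
        if [ "$first" = "$f" ] && [ -n "$second" ]; then
            printf '%s shadows %s\n' "$first" "$second"
        fi
    done
}

# Constructed sample tree: a system 'less' plus a gem bin directory holding
# its own 'less' and a harmless 'testgem'. Prints the temporary root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/var/lib/gems/1.8/bin"
    for f in usr/bin/less var/lib/gems/1.8/bin/less var/lib/gems/1.8/bin/testgem; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

root=$(make_sample_tree)
sys=$root/usr/bin
gems=$root/var/lib/gems/1.8/bin
echo "gem dir after /usr/bin:";  shadowed_by "$gems" "$sys:$gems"
echo "gem dir before /usr/bin:"; shadowed_by "$gems" "$gems:$sys"
rm -rf "$root"
```

On a real system, call shadowed_by with the gem bin directory and "$PATH" for each account that installs or runs gems, root included.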






More information about the Pkg-ruby-extras-maintainers mailing list