Rescue ArgumentError and explain the security vulnerability. Fixes #4726

author: Zehan Zhao <cnallenzhao@gmail.com> 2016-06-30 21:36:31 +0800
committer: Zehan Zhao <cnallenzhao@gmail.com> 2016-07-18 13:45:29 +0800
commit: e00179ea7211ac902e64ad1e08d5b0a26d14adb7 (patch)
tree: 0ea24672f1bb9abeb9da9459f7023d88fd1b8b17
parent: 0db993851608f961267bdbfcca37936a07df402f (diff)
download: bundler-e00179ea7211ac902e64ad1e08d5b0a26d14adb7.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb
index b8eed25d44..15b38869f2 100644
--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -196,6 +196,14 @@ module Bundler
 
     def rm_rf(path)
       FileUtils.remove_entry_secure(path) if path && File.exist?(path)
+    rescue ArgumentError
+      message = <<EOF
+It is a security vulnerability to allow your home directory to be world-writable, and bundler can not continue.
+You should probably consider fixing this issue by running `chmod o-w ~` on *nix.
+Please refer to http://ruby-doc.org/stdlib-2.1.2/libdoc/fileutils/rdoc/FileUtils.html#method-c-remove_entry_secure for details.
+EOF
+      Bundler.ui.warn(message) if File.expand_path(path).world_writable?
+      raise
     end
 
     def settings
author	Zehan Zhao <cnallenzhao@gmail.com>	2016-06-30 21:36:31 +0800
committer	Zehan Zhao <cnallenzhao@gmail.com>	2016-07-18 13:45:29 +0800
commit	e00179ea7211ac902e64ad1e08d5b0a26d14adb7 (patch)
tree	0ea24672f1bb9abeb9da9459f7023d88fd1b8b17
parent	0db993851608f961267bdbfcca37936a07df402f (diff)
download	bundler-e00179ea7211ac902e64ad1e08d5b0a26d14adb7.tar.gz