diff options
author | Zehan Zhao <cnallenzhao@gmail.com> | 2016-06-30 21:36:31 +0800 |
---|---|---|
committer | Zehan Zhao <cnallenzhao@gmail.com> | 2016-07-18 13:45:29 +0800 |
commit | e00179ea7211ac902e64ad1e08d5b0a26d14adb7 (patch) | |
tree | 0ea24672f1bb9abeb9da9459f7023d88fd1b8b17 | |
parent | 0db993851608f961267bdbfcca37936a07df402f (diff) | |
download | bundler-e00179ea7211ac902e64ad1e08d5b0a26d14adb7.tar.gz |
Rescue ArgumentError and explain the security vulnerability. Fixes #4726
-rw-r--r-- | lib/bundler.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb index b8eed25d44..15b38869f2 100644 --- a/lib/bundler.rb +++ b/lib/bundler.rb @@ -196,6 +196,14 @@ module Bundler def rm_rf(path) FileUtils.remove_entry_secure(path) if path && File.exist?(path) + rescue ArgumentError + message = <<EOF +It is a security vulnerability to allow your home directory to be world-writable, and bundler can not continue. +You should probably consider fixing this issue by running `chmod o-w ~` on *nix. +Please refer to http://ruby-doc.org/stdlib-2.1.2/libdoc/fileutils/rdoc/FileUtils.html#method-c-remove_entry_secure for details. +EOF + Bundler.ui.warn(message) if File.expand_path(path).world_writable? + raise end def settings |