Issue #20971 has been updated by nobu (Nobuyoshi Nakada). I mean this warning went away since 2.7, which should be unrelated to tainted-ness. ```sh-session $ ruby2.6 -w -rtmpdir -e 'Dir.mktmpdir("", "/tmp") {|w| File.chmod(0777, w); ENV["PATH"] = w}' -e:1: warning: Insecure world writable dir /tmp/20241220-14749-10itz6k in PATH, mode 040777 ``` ---------------------------------------- Feature #20971: Deprecate `rb_path_check` https://bugs.ruby-lang.org/issues/20971#change-111113 * Author: Earlopain (Earlopain _) * Status: Open ---------------------------------------- With #16131, various code around $SAFE, taint, etc. has been deprecated and removed. GH PR https://github.com/ruby/ruby/pull/2476. Now, [`rb_path_check`] still exists as part of the public API, with Ruby itself never using or testing it. I believe it should have been deprecated and was simply missed. Should it be deprecated today or is that not worth the effort? Docs for it are pretty vague: https://github.com/ruby/ruby/blob/33f95d632dce42fac35da29eaed33f0a5a4f0dcb/i...
This function is mysterious. What it does is not immediately obvious. Also what it does seems platform dependent.
[`rb_path_check`]: https://github.com/ruby/ruby/blob/33f95d632dce42fac35da29eaed33f0a5a4f0dcb/f... -- https://bugs.ruby-lang.org/