From 257c8d7e39537b26b84f660f4ce1ba741ade7fef Mon Sep 17 00:00:00 2001
From: Jay Mundrawala <jay@thechamberofunderstanding.com>
Date: Fri, 18 Jan 2019 10:50:13 -0600
Subject: [PATCH] Make gems not world writable

Signed-off-by: Jay Mundrawala <jay@thechamberofunderstanding.com>
---
 habitat/plan.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/habitat/plan.sh b/habitat/plan.sh
index eea80bc08..15cc8c310 100644
--- a/habitat/plan.sh
+++ b/habitat/plan.sh
@@ -47,6 +47,10 @@ do_install() {
   popd
 
   wrap_inspec_bin
+
+  # Certain gems (timeliness) are getting installed with world writable files
+  # This is removing write bits for group and other.
+  find "$GEM_HOME" -xdev -perm -0002 -type f -print 2>/dev/null | xargs -I '{}' chmod go-w '{}'
 }
 
 # Need to wrap the InSpec binary to ensure paths are correct