[Rubygems-developers] More work on the remote installer

Hugh Sasse Staff Elec Eng hgs at dmu.ac.uk
Wed Dec 1 09:25:46 EST 2004

On Wed, 1 Dec 2004, Jim Weirich wrote:

> I am continuing my work on the remote installer.  Recent changes include :
> (B) Add support for a writable per-user source info cache for use when the
> global cache cannot be written.j

Nobody has responded to my remarks about possible denial of service
attacks by users if data from this is merged with the system cache.
Have I misunderstood this?  Is there no way a user can damage the
site-wide data if they choose?


I'm trying to think of what is possible when you can only really
trust some users on a system.  There's a reason why ruby and other
languages need a root install....


More information about the Rubygems-developers mailing list