[Rubygems-developers] More work on the remote installer
Hugh Sasse Staff Elec Eng
hgs at dmu.ac.uk
Wed Dec 1 09:25:46 EST 2004
On Wed, 1 Dec 2004, Jim Weirich wrote:
> I am continuing my work on the remote installer. Recent changes include :
[...]
> (B) Add support for a writable per-user source info cache for use when the
> global cache cannot be written.j
Nobody has responded to my remarks about possible denial of service
attacks by users if data from this is merged with the system cache.
Have I misunderstood this? Is there no way a user can damage the
site-wide data if they choose?
http://www.theregister.co.uk/2004/11/29/ie_security_holes/
I'm trying to think of what is possible when you can only really
trust some users on a system. There's a reason why ruby and other
languages need a root install....
Hugh
More information about the Rubygems-developers
mailing list