[Rubygems-developers] Reviewing the Tattle Data (was RubyGems plaform thread)
drbrain at segment7.net
Thu Apr 26 15:53:07 EDT 2007
On Apr 26, 2007, at 11:29, Charles Oliver Nutter wrote:
> Eric Hodel wrote:
>> How exactly is it sensitive? If I'm able to run code on the box I
>> can find ruby, via rbconfig.rb or traversing the filesystem. On the
>> other hand, if I had a non-ruby vector for getting into your machine,
>> I'm sure there's lots of other stuff I'd compromise before I got
>> around to messing with your ruby installation.
> I just don't like personally-identifiable information about my
> filesystem layout to be published without my knowledge. Someone
> than me will start causing trouble for that eventually. Sure, it's
> not a
> big deal, but it's exactly the kind of thing security folks frown on.
> Also, how is this information even useful? Is there a good reason to
> grab and publish the install prefix for every Ruby that tattles?
$ tattle -h
tattle report # Print config data without sending
tattle post # Post config data (this is the default)
More information about the Rubygems-developers