[Rubygems-developers] Executing code after installing gem
swdc17 at gmail.com
Tue Nov 25 07:31:58 EST 2008
2008/11/25 Luis Lavena <luislavena at gmail.com>:
> RubyGems is not designed for arbitrary code execution, which will be a
> security concern.
> A badly intentioned gem developer will release a gem that can take
> advantage of this privilege and perform nasty tasks.
Yes, didn't think of it that way. Makes total sense.
> If you'd like to have a script marked as executable, why not create a
> CLI and put it into the bin directory to be mapped by rubygems as
> executable for you?
Well, because it's not something a user will execute at the CLI, it's a
required executable by the gem itself in order for some functionality