[Rubygems-developers] Executing code after installing gem

Matt King swdc17 at gmail.com
Tue Nov 25 07:31:58 EST 2008


2008/11/25 Luis Lavena <luislavena at gmail.com>:
> Matt,
>
> RubyGems is not designed for arbitrary code execution, which will be a
> security concern.
>
> A bad-intentioned gem developer will release a gem that can take
> advantage of this privilege and perform nasty tasks.

Yes, didn't think of it that way. Makes total sense.

> If you like to have a script marked as executable, why not create a
> CLI and put into the bin directory to be mapped by rubygems as
> executable for you?

Well, because it's not something a user will execute at the CLI, it's a
required executable by the gem itself in order for some functionality
to work.

Thanks,
-Matt