[Rubygems-developers] Executing code after installing gem

Luis Lavena luislavena at gmail.com
Tue Nov 25 07:34:51 EST 2008


On Tue, Nov 25, 2008 at 10:31 AM, Matt King <swdc17 at gmail.com> wrote:
> 2008/11/25 Luis Lavena <luislavena at gmail.com>:
>> Matt,
>>
>> RubyGems is not designed for arbitrary code execution, which will be a
>> security concern.
>>
>> A bad-intentioned gem developer will release a gem that can take
>> advantage of this privilege and perform nasty tasks.
>
> Yes, didn't think of it that way. Makes total sense.
>
>> If you'd like to have a script marked as executable, why not create a
>> CLI and put it into the bin directory to be mapped by rubygems as
>> executable for you?
>
> Well because it's not something a user will execute at the CLI, it's a
> required executable by the gem itself in order for some functionality
> to work.

By required executable you mean a binary? Or you're calling/shelling
out to another ruby script that you bundle?

If you provide more information (a la: details) it will be much easier
for us to contribute ideas to properly implement this without guessing
:-)

-- 
Luis Lavena
AREA 17
-
Human beings, who are almost unique in having the ability to learn from
the experience of others, are also remarkable for their apparent
disinclination to do so.
Douglas Adams
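
Added example, not part of the original message and not RubyGems' own code: the two options raised in the thread for a bundled script, neither of which runs code at install time. The gem name, file names and the functions `example_spec`, `run_bundled_helper` and `demo` are hypothetical.

```ruby
require "rubygems"
require "rbconfig"
require "open3"
require "tmpdir"

# Option 1: declare the script in the gemspec so RubyGems maps it as an
# executable itself. All names here are constructed for illustration.
def example_spec
  Gem::Specification.new do |s|
    s.name        = "example-gem"
    s.version     = "0.0.1"
    s.summary     = "Gem that ships a helper script"
    s.authors     = ["Example Author"]
    s.files       = ["bin/example-helper", "lib/example_gem.rb"]
    s.bindir      = "bin"
    s.executables = ["example-helper"] # RubyGems installs a wrapper for this
  end
end

# Option 2: the gem shells out to a Ruby script it bundles. Passing the
# script to the current interpreter means the file needs no executable
# bit, so nothing has to be chmod-ed after installation. Separate
# arguments (no single command string) keep the shell out of the call.
def run_bundled_helper(script_path, *args)
  out, status = Open3.capture2(RbConfig.ruby, script_path, *args)
  raise "helper exited with #{status.exitstatus}" unless status.success?
  out
end

# Constructed demo: a helper written WITHOUT the executable bit still runs,
# and an argument containing shell metacharacters is passed through as data.
def demo
  Dir.mktmpdir do |dir|
    helper = File.join(dir, "example-helper")
    File.write(helper, "puts ARGV.map(&:upcase).join(' ')\n")
    File.chmod(0o644, helper)
    run_bundled_helper(helper, "hello", "a b; echo x")
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```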

