[Rubygems-developers] Executing code after installing gem
Charlie Savage
cfis at savagexi.com
Tue Nov 25 11:28:36 EST 2008
> RubyGems is not designed for arbitrary code execution, which will be a
> security concern.
Except it already does by letting a developer specify a Rakefile in
spec.extensions. That's how I hacked around RubyGems to correctly
install dependent dlls into the lib directory.
Not to mention the fact that once I have my gem installed, it can pretty
much do what it wants.
Charlie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://rubyforge.org/pipermail/rubygems-developers/attachments/20081125/a43d5ff0/attachment-0001.bin>
More information about the Rubygems-developers
mailing list