[Rubygems-developers] Executing code after installing gem

Berger, Daniel Daniel.Berger at qwest.com
Tue Nov 25 11:34:00 EST 2008


> -----Original Message-----
> From: rubygems-developers-bounces at rubyforge.org 
> [mailto:rubygems-developers-bounces at rubyforge.org] On Behalf 
> Of Charlie Savage
> Sent: Tuesday, November 25, 2008 9:29 AM
> To: rubygems-developers at rubyforge.org
> Subject: Re: [Rubygems-developers] Executing code after installing gem
> 
> > RubyGems is not designed for arbitrary code execution, which will be a
> > security concern.
> 
> Except it already does by letting a developer specify a 
> Rakefile in spec.extensions.  That's how I hacked around 
> RubyGems to correctly install dependent dlls into the lib directory.
> 
> Not to mention the fact that once I have my gem installed, it 
> can pretty much do what it wants.

Interesting.

Maybe we should provide a builtin hook for a post installation task on
the condition that the gem is signed?

Just a thought.

Regards,

Dan
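
An added example, not part of the original message or of RubyGems itself: a small Ruby audit that reports which gem specifications declare `spec.extensions` entries (code that already runs at install time, as noted in the thread) and whether a certificate chain is attached. The gem names, the placeholder certificate string and the helper names are constructed for illustration, and the filename patterns are a simplified assumption modelled on how RubyGems picks an extension builder.

```ruby
require "rubygems"

# Map an extensions entry to the kind of builder that would run it at install.
# Patterns are a simplified assumption modelled on RubyGems' builder selection.
def builder_kind(ext)
  case ext
  when /extconf/                 then :extconf
  when /configure/               then :configure
  when /rakefile/i, /mkrf_conf/i then :rake
  else :other
  end
end

# Report install-time code execution and whether a cert chain is attached.
# A non-empty cert_chain only means the gem claims a signature; verification
# happens at install time under a trust policy (gem install -P HighSecurity).
def install_time_report(spec)
  builders = spec.extensions.map { |e| builder_kind(e) }.uniq
  { name: spec.name, runs_code: !builders.empty?, builders: builders,
    signed: !Array(spec.cert_chain).empty? }
end

# Names of gems that would run code on install with no signature attached.
def unsigned_code_runners(specs)
  specs.map { |s| install_time_report(s) }
       .select { |r| r[:runs_code] && !r[:signed] }
       .map { |r| r[:name] }
end

# Constructed sample specs (hypothetical gem names, placeholder certificate).
def sample_spec(name, extensions, cert_chain = [])
  Gem::Specification.new do |s|
    s.name = name
    s.version = "0.1.0"
    s.extensions = extensions
    s.cert_chain = cert_chain
  end
end

SAMPLES = [
  sample_spec("example-dll-installer", ["ext/Rakefile"]),
  sample_spec("example-signed-native", ["ext/extconf.rb"], ["PLACEHOLDER-CERT-PEM"]),
  sample_spec("example-pure-ruby", []),
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| p install_time_report(s) }
  puts "unsigned, runs code at install: #{unsigned_code_runners(SAMPLES).inspect}"
end
```

The same `unsigned_code_runners` call can be given `Gem::Specification.to_a` to review the gems already installed on a host.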

