Ruby gems can execute code as root while they're being installed

29 May 2016 18:07 | ruby | security

Another hilarious and trivial rubygems exploit. The file ext//extconf.rb gets executed during installation with the privileges of whoever runs gem install, which means as root when the gem is installed with sudo. A malicious gem could put code in there that installs a backdoor.

Demonstration PoC: https://github.com/m4rkw/rubygems-poc2

$ ls -la /tmp/lol
ls: cannot access /tmp/lol: No such file or directory
$ sudo gem install file-4.3.2.gem
Building native extensions. This could take a while…
Successfully installed file-4.3.2
Parsing documentation for file-4.3.2
Done installing documentation for file after 0 seconds
1 gem installed
$ /tmp/lol
id
uid=0(root) gid=1000(mark) groups=0(root),1000(mark),1003(admin)

Again, be very careful what gems you install!
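One way to look before you install: the added example below (mine, not the post's PoC or anything from the rubygems project) reads a .gem file's metadata, lists every extconf.rb it declares and dumps those scripts for review, without building or installing anything. The fixture gem it constructs (name "fixture", extension path ext/demo/extconf.rb) is made up for the demonstration.

```ruby
# Added example: inspect the build-time scripts a .gem declares before running
# `gem install`, which would execute them with the installer's privileges.
require 'rubygems'
require 'rubygems/package'
require 'tmpdir'
require 'fileutils'

# Return { "ext/.../extconf.rb" => script source } for every native extension
# listed in the gem's metadata; an empty hash means nothing runs at build time.
def extension_scripts(gem_path)
  pkg = Gem::Package.new(gem_path)
  spec = pkg.spec                      # reads and checksum-verifies metadata.gz
  return {} if spec.extensions.empty?
  Dir.mktmpdir do |dir|
    pkg.extract_files(dir)             # unpack data.tar.gz only; no extconf is run
    spec.extensions.each_with_object({}) do |ext, acc|
      acc[ext] = File.read(File.join(dir, ext))
    end
  end
end

# Build a constructed fixture gem declaring one extension inside `dir` and
# return the path of the resulting .gem file (constructed data, not a real gem).
def build_fixture_gem(dir)
  FileUtils.mkdir_p(File.join(dir, 'ext', 'demo'))
  File.write(File.join(dir, 'ext', 'demo', 'extconf.rb'),
             "# constructed stand-in: anything here runs during gem install\n" \
             "puts \"extconf.rb ran as uid #\{Process.uid}\"\n")
  spec = Gem::Specification.new do |s|
    s.name       = 'fixture'
    s.version    = '0.0.1'
    s.summary    = 'constructed fixture gem'
    s.authors    = ['fixture']
    s.extensions = ['ext/demo/extconf.rb']   # also lands in spec.files
  end
  Dir.chdir(dir) { Gem::Package.build(spec, true) }   # true = skip validation
  File.join(dir, spec.file_name)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    extension_scripts(build_fixture_gem(dir)).each do |path, src|
      puts "== #{path} (executed at install time) =="
      puts src
    end
  end
end
```

Run it against a downloaded .gem (gem fetch, not gem install) to see exactly what would execute under sudo.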