Another hilarious and trivial rubygems exploit. The file ext/<ext>/extconf.rb
gets executed as root during installation. A malicious gem could put code in
there that installs a backdoor.
Demonstration PoC: https://github.com/m4rkw/rubygems-poc2
RubyGems is a nice system, very easy to use and also easy to abuse. Anyone can push
a gem straight into the global namespace, even if the gem has the same name as a core
This can be trivially abused to break into systems of anyone who isn't very careful
what gems they use (and let's be honest, that's probably a lot of developers :).
When I started building my new website, I didn't want to be boring and just use
rails so I decided to write my work super-lightweight ruby web framework.
It's powering this website but is quite basic and rough so probably shouldn't
be used by anyone.
I've written a couple of ruby gems that people might find useful..
tvfeed - https://github.com/m4rkw/tvfeed
A gem designed to provide a feed of new TV episodes as magnet links from
torrent sites. This is offered purely for research purposes and should suit