Ruby gems can execute code as root while they're being installed
29 May 2016 18:07 | ruby | security
Another hilarious and trivial rubygems exploit. The file ext/
Demonstration PoC: https://github.com/m4rkw/rubygems-poc2

RubyGems is a nice system, very easy to use and also easy to abuse. Anyone can push a gem straight into the global namespace, even if the gem has the same name as a core library.
This can be trivially abused to break into systems of anyone who isn't very careful what gems they use (and let's be honest, that's probably a lot of developers :).

When I started building my new website, I didn't want to be boring and just use rails so I decided to write my own super-lightweight ruby web framework.
It's powering this website but is quite basic and rough so probably shouldn't be used by anyone.

I've written a couple of ruby gems that people might find useful.
tvfeed - https://github.com/m4rkw/tvfeed
A gem designed to provide a feed of new TV episodes as magnet links from torrent sites. This is offered purely for research purposes and should suit