David Masover
8/3/2008 6:24:00 PM
On Sunday 03 August 2008 12:47:30 Tim Hunter wrote:
> Because gem install runs as root, allowing arbitrary code to run during
> install is considered a security risk.
Even if it's trusted, it starts to defeat the purpose of a package manager.
See, anything I can "gem install", I can, with confidence, "gem uninstall".
About the only thing missing for me at this point is reverse dependencies --
but it's reasonably easy for me to nuke all gems on my system. With the
Ubuntu-ized Rubygems, even easier -- I can just blow away /var/lib/gems/*,
and start over.
If a gem could run arbitrary code during installation, that would mean I would
have no way, short of analyzing the source code, to know what it installed,
or how to clean up after it when I decide I don't like it after all.
Now, of course, you can always misbehave with the actual binary, because that
is running arbitrary code. But forcing you to do it that way hopefully
discourages you from messing with my system -- after all, I might not be
running that command as root.
So it's not just a security risk -- it's a cruft risk, as well.
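As an added illustration of the cruft concern (example code, not from this post or from RubyGems itself): a gem's own manifest (spec.files) is the record of what `gem uninstall` knows how to remove, so anything on disk beyond that manifest is exactly the untracked residue an install-time hook could leave behind. The gem name "cruftless" and its file list are constructed for the example.

```ruby
require "rubygems"
require "tmpdir"
require "fileutils"
require "set"

# A constructed, hypothetical gem specification (not a real gem).
def sample_spec
  Gem::Specification.new do |s|
    s.name    = "cruftless"
    s.version = "0.1.0"
    s.summary = "constructed sample for the manifest check"
    s.authors = ["example"]
    s.files   = ["lib/cruftless.rb", "README"]
  end
end

# Return the files found under gem_dir that the spec's manifest does not
# declare. An empty result means uninstalling via the manifest would leave
# nothing behind; anything listed is cruft the package manager cannot track.
def unaccounted_files(spec, gem_dir)
  manifest = spec.files.to_set
  on_disk  = Dir.glob("**/*", base: gem_dir)
                .reject { |p| File.directory?(File.join(gem_dir, p)) }
  on_disk.reject { |p| manifest.include?(p) }.sort
end

# Lay out the manifest files in a temporary install dir, check it is clean,
# then simulate an install hook dropping an undeclared file and check again.
def demo
  Dir.mktmpdir do |dir|
    spec = sample_spec
    spec.files.each do |f|
      path = File.join(dir, f)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, "")
    end
    before = unaccounted_files(spec, dir)          # expected: []
    File.write(File.join(dir, "lib", "dropped.rb"), "")  # simulated hook residue
    after = unaccounted_files(spec, dir)           # expected: ["lib/dropped.rb"]
    [before, after]
  end
end
```

Run against a real gem by loading its spec with `Gem::Specification.find_by_name` and pointing gem_dir at `spec.full_gem_path`.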