While this is bad, most gems are executable code, which will get executed (seein... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

CJefferson on Aug 30, 2017 | parent | context | favorite | on: Multiple vulnerabilities in RubyGems

While this is bad, most gems are executable code, which will get executed (seeing as you installed the gem).

So while this is bad, I don't think it's that bad -- a malicious gem could always mess you up. Still update!

irishsultan on Aug 30, 2017 [–]

The only difference is that you are perhaps more likely to install a gem system wide (which would require root rights normally) than run code from a locally installed gem with root rights.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact