2 comments

[ 3.0 ms ] story [ 19.3 ms ] thread
This is handy stuff, thanks for writing it up and sharing it!
Not trying to bring up a language war or jump on the wagon berating ruby "magic" (so tired of those conversations. I love the dynamic nature of ruby.

That said... the code examples in this article are exactly the patterns that were leveraged (and are still being leveraged) to exploit the recent wave of object serialization vulnerabilities via YAML/JSON/XML (including the one that popped rubygems.org recently)

see: https://groups.google.com/forum/?fromgroups=#!topic/rubyonra...

Just be super careful when using code like this, it can have very unintended consequences when you bring object remoteing into the mix.