Ruby and compliance

All:

I’m trying to potentially have Ruby distributed on an embedded system.
The issue that our security folks came back with is that Ruby, like
Perl, has some issues around eval and exec that could allow someone to
execute code from a Ruby script they could not execute from a normal
shell…

Apparently this is the reason we never put Perl in this system…

Anyone else run into this or can shed some light on it? I’m not 100%
wrapping my head around it, to be honest.

Derick

Take a look at this: Locking Ruby in the Safe