Ruby and compliance


I’m trying to potentially have Ruby distributed on an embedded system.
The issue that our security folks came back with is that Ruby, like
Perl, has some issues around eval and exec that could allow someone to
execute code from a Ruby script they could not execute from a normal

Apparently this is the reason we never put Perl in this system…

Anyone else run into this or can shed some light on it? I’m not 100%
wrapping my head around it, to be honest.


Take a look at this: Locking Ruby in the Safe