From f558a3834f8f6f63becfe02981924cde9e59b4a2 Mon Sep 17 00:00:00 2001
From: Lars Kanis
Date: Mon, 19 Dec 2022 15:04:58 +0100
Subject: [PATCH] Check or add a system wide gemrc file at every rubygems load .. to prevent hijacking by another user.
---
 resources/files/operating_system.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/resources/files/operating_system.rb b/resources/files/operating_system.rb
index 220cccfd0..8f2a84d0a 100644
--- a/resources/files/operating_system.rb
+++ b/resources/files/operating_system.rb
@@ -19,3 +19,23 @@
 end
 end
 end
+
+begin
+ config_fname = Gem::ConfigFile::SYSTEM_WIDE_CONFIG_FILE
+ unless File.exist?(config_fname)
+ File.open(config_fname, File::CREAT | File::EXCL | File::WRONLY) do |fd|
+ fd.write <<-EOT
+# This is the system wide config file for Rubygems.
+# It is generated by RubyInstaller as a security measure.
+# Feel free to add any rubygems config options as described on:
+# https://docs.ruby-lang.org/en/3.1/Gem/ConfigFile.html
+# But do not delete this file as otherwise it could be hijacked by
+# another user in a multi-user environment.
+---
+{}
+ EOT
+ end
+ end
+rescue => err
+ warn "Warning: Failed to create a system wide 'gemrc' file, making Rubygems possibly insecure: #{err}"
+end
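Review bot: The `File.exist?(config_fname)` guard only verifies that something is at that path, so a gemrc already planted by another user before this code first ran is accepted without any message, even though the subject describes a "check"; where the platform reports ownership, `File.stat(config_fname).owned?` would let the code warn about a file the current account did not create (on Windows Ruby's stat does not appear to expose a real owner, so a different check may be needed there), and otherwise a comment above `unless File.exist?(config_fname)` should state that only existence is verified. Losing the create race to another process raises `Errno::EEXIST`, which currently falls into the generic `rescue` and prints the "possibly insecure" warning for a file that does now exist; a dedicated `rescue Errno::EEXIST` clause placed before `rescue => err`, with the comment `# lost the create race to another process; the file exists now`, keeps the warning for real failures. The `File.open` call passes no explicit mode, so on POSIX the permissions of the created file depend on the caller's umask; passing `0644` as the third argument pins them.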