Slide 53
How to bypass a Medium Trust Policy?
• Author has decided to sign the parent gem
• User has decided to use a Medium trust policy, to verify and protect
the signed gems in their dependency tree
• All gems within the dependency tree are signed
• We will show how an attacker can still get trojaned gems installed
on the target by performing a gem signing downgrade attack
• It's simple: in a medium trust policy, only the primary gem must be
signed. If we remove all signing attributes from the dependent
gems, we can trick the installer into installing them.
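
A defender's check for the downgrade described above, as an added example that is not part of the original slides: it classifies each .gem archive by whether its detached `.sig` members are present and lists the dependencies that arrive without a complete signature. The helper names and the in-memory sample gems are constructed for illustration.

```ruby
require 'rubygems/package'
require 'rubygems/security'
require 'stringio'

# Members RubyGems signs inside a .gem archive (a plain tar file).
SIGNED_MEMBERS = %w[metadata.gz data.tar.gz].freeze

# Classify a .gem archive by the detached *.sig members it carries.
def signature_status(gem_io)
  names = Gem::Package::TarReader.new(gem_io).map(&:full_name)
  sigs  = SIGNED_MEMBERS.select { |m| names.include?("#{m}.sig") }
  return :signed   if sigs.size == SIGNED_MEMBERS.size
  return :unsigned if names.none? { |n| n.end_with?('.sig') }
  :partial
end

# A policy tolerates stripped signatures when only_signed is false.
def allows_unsigned?(policy)
  !policy.only_signed
end

# Names of gems in a dependency set that are not fully signed.
def downgrade_candidates(gems)
  gems.reject { |_, io| signature_status(io) == :signed }.keys
end

# Constructed sample: build a minimal .gem-shaped tar in memory.
def sample_gem(signed:)
  io = StringIO.new(String.new)
  Gem::Package::TarWriter.new(io) do |tar|
    SIGNED_MEMBERS.each do |m|
      tar.add_file_simple(m, 0o444, 4) { |f| f.write('data') }
      tar.add_file_simple("#{m}.sig", 0o444, 3) { |f| f.write('sig') } if signed
    end
  end
  io.rewind
  io
end

if $PROGRAM_NAME == __FILE__
  # Constructed dependency tree: signed parent, dependency with signatures removed.
  tree = { 'parent-1.0.gem' => sample_gem(signed: true),
           'dep-2.1.gem'    => sample_gem(signed: false) }
  puts "Medium policy accepts unsigned gems: #{allows_unsigned?(Gem::Security::MediumSecurity)}"
  puts "Not fully signed: #{downgrade_candidates(tree).inspect}"
end
```

Running a check like this against a vendored gem cache before installation surfaces dependencies that were expected to be signed but are not; `Gem::Security::HighSecurity` sets `only_signed` to true and rejects them at install time.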