Patch YAML to allow only some Gem classes to be unmarshalled

config/initializers/forbidden_yaml.rb

@@ -0,0 +1,59 @@
+# XXX: This is purely a monkey patch to close the exploit vector for now, a more
+# permanent solution should be pushed upstream into rubygems.
+
+require "rubygems"
+
+# Assert we're using Psych
+abort "Use Psych for YAML, install libyaml and reinstall ruby" unless YAML == Psych
+
+module Psych
+  class ForbiddenClassException < Exception
+  end
+
+  module Visitors
+    class WhitelistedToRuby < ToRuby
+      WHITELIST = %w(
+        Gem::Dependency
+        Gem::Platform
+        Gem::Requirement
+        Gem::Specification
+        Gem::Version
+        Gem::Version::Requirement
+      )
+
+    private
+
+      def resolve_class klassname
+        raise ForbiddenClassException, "Forbidden class in YAML: #{klassname}" unless WHITELIST.include? klassname
+        super klassname
+      end
+    end
+  end
+end
+
+module Gem
+  class Specification
+    def self.from_yaml input
+      input = normalize_yaml_input input
+      nodes = Psych.parse input
+      spec = Psych::Visitors::WhitelistedToRuby.new.accept nodes
+
+      if spec && spec.class == FalseClass then
+        raise Gem::EndOfYAMLException
+      end
+
+      unless Gem::Specification === spec then
+        raise Gem::Exception, "YAML data doesn't evaluate to gem specification"
+      end
+
+      unless (spec.instance_variables.include? '@specification_version' or
+              spec.instance_variables.include? :@specification_version) and
+             spec.instance_variable_get :@specification_version
+        spec.instance_variable_set :@specification_version,
+                                   NONEXISTENT_SPECIFICATION_VERSION
+      end
+
+      spec
+    end
+  end
+end