Issue #1800 has been updated by James Tucker.


Doing `sudo <installer> <package>` is always a security risk. 

Rubygems is neither the cause nor the vector for such an exploit.

The specific vector requires that the default install location be customised (e.g. Ubuntu / Debian).

Without a system registry, rubygems can at best warn that it will overwrite something; it cannot hold this notion of "system executable files", which is not clearly defined.
----------------------------------------
http://redmine.ruby-lang.org/issues/show/1800
