--------------090206020806090800060608
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Florian Gross wrote:

> slonik AZ wrote:
> 
>> slashdot published an article on someone's
>> 15 lines long Peer-2-Peer application
>> http://developers.slashdot.org/article.pl?sid/12/15/1953227
>>
>> Another person followed up with a 9 line equivalent Perl code.
>>
>> I wonder what an equivalent Ruby program would look like?
> 
> I did this 9.5 hours ago. Compared to the python one it is not 
> vulnerable to File stealing attacks (a client can request a file 
> ../foobar and ~/foobar from the python server and will get it back 
> AFAIK) and 6 lines long. It is however vulnerable to the DRb style 
> .instance_eval exploits. I will fix this shortly, but I might have to 
> use 7 lines then.

Here we go. Thanks to Mauricio FernáĎdez for helping out with cutting 
off a few important characters!


--------------090206020806090800060608
Content-Type: text/plain;
 name2p.rb"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename2p.rb"

#!/usr/bin/ruby
# Server: ruby p2p.rb password server server-uri merge-servers
# Sample: ruby p2p.rb foobar server druby://localhost:1337 druby://foo.bar:1337
# Client: ruby p2p.rb password client server-uri download-pattern
# Sample: ruby p2p.rb foobar client druby://localhost:1337 *.rb
require'drb';F,D,P,M,U,*Oe,Dir,*ARGV;def s(p)F.basename p[/\w.*/]end;def c u
DRbObject.new((),u)end;def x(u);[P,u].hash;end;M["c"]?c(U).f(x(U)).map{|n|pn)
c);(c.f(p,O[0],0).map{|f|s f}-D["*"]).map{|f|open(f,"w")<<c.f(p,f,1)}}:(DRb.
start_service U,Class.new{def p(zO.push(*z).uniq!;O;end;new.methods.map{|m|m[
/_[_t]/]||private(m)};def f(c,a,t c(U)&&(t?D[s(a)]:t?F.read(s(a)):
p(a))end;def y;(p(U)+p).map{|u|c(u).f(x(u),p(U))rescue()};self;end}.new.y;sleep)

--------------090206020806090800060608--