admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

brew.sh: complain when running Homebrew as root.

Browse Source 
As discussed: announce that we are deprecating running Homebrew as the
root user as it's insecure and requires disabling the sandbox.

Fixes #796.
This commit is contained in:
Mike McQuaid 2016-08-25 18:32:32 +01:00
parent 72846fac47
commit 27b0ca4b47
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Library/Homebrew/brew.sh
View File

@ -200,6 +200,21 @@ then
fi fi
check-run-command-as-root() { check-run-command-as-root() {
[[ "$(id -u)" = 0 ]] || return
export HOMEBREW_NO_SANDBOX="1"
[[ "$HOMEBREW_COMMAND" = "services" ]] && return
onoe <<EOS
Running Homebrew as root is extremely dangerous. As Homebrew does not
drop privileges on installation you are giving all build scripts full access
to your system. As a result of the OS X sandbox not handling the root user
correctly HOMEBREW_NO_SANDBOX has been set so the sandbox will not be used. If
we have not merged a pull request to add privilege dropping by November 1st
2016 running Homebrew as root will be disabled. No Homebrew maintainers plan
to work on this functionality.
EOS
case "$HOMEBREW_COMMAND" in case "$HOMEBREW_COMMAND" in
analytics|create|install|link|migrate|pin|postinstall|reinstall|switch|tap|\ analytics|create|install|link|migrate|pin|postinstall|reinstall|switch|tap|\
tap-pin|update|upgrade|vendor-install) tap-pin|update|upgrade|vendor-install)
@ -209,8 +224,6 @@ check-run-command-as-root() {
;; ;;
esac esac
[[ "$(id -u)" = 0 ]] || return
local brew_file_ls_info=($(ls -nd "$HOMEBREW_BREW_FILE")) local brew_file_ls_info=($(ls -nd "$HOMEBREW_BREW_FILE"))
if [[ "${brew_file_ls_info[2]}" != 0 ]] if [[ "${brew_file_ls_info[2]}" != 0 ]]
then then