admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

postinstall: don't allow writes to prefix itself.

Browse Source 
Only the top-level directories inside it. We don't want formulae writing
random junk in e.g. `/usr/local` even in `postinstall`.
This commit is contained in:
Mike McQuaid 2016-12-13 00:13:20 +00:00
parent 666463ca2b
commit 2b547583a3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Library/Homebrew/cmd/postinstall.rb
View File

@ -37,8 +37,10 @@ module Homebrew
sandbox.allow_write_log(formula) sandbox.allow_write_log(formula)
sandbox.allow_write_xcode sandbox.allow_write_xcode
sandbox.deny_write_homebrew_repository sandbox.deny_write_homebrew_repository
sandbox.allow_write_path HOMEBREW_PREFIX
sandbox.allow_write_cellar(formula) sandbox.allow_write_cellar(formula)
Keg::TOP_LEVEL_DIRECTORIES.each do |dir|
sandbox.allow_write_path "#{HOMEBREW_PREFIX}/#{dir}"
end
sandbox.exec(*args) sandbox.exec(*args)
else else
exec(*args) exec(*args)