admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

sandbox: tweak HOMEBREW_REPOSITORY handling.

Browse Source 
If we have a HOMEBREW_REPOSITORY and HOMEBREW_PREFIX mismatch (now the
default) then we can block access to the whole of HOMEBREW_REPOSITORY
rather than just the HOMEBREW_LIBRARY and `.git`.
This commit is contained in:
Mike McQuaid 2016-09-23 08:26:49 +01:00
parent 5cf3838f42
commit 536c48e804
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Library/Homebrew/cmd/postinstall.rb
View File

@ -36,7 +36,7 @@ module Homebrew
sandbox.allow_write_cellar(formula) sandbox.allow_write_cellar(formula)
sandbox.allow_write_xcode sandbox.allow_write_xcode
sandbox.allow_write_path HOMEBREW_PREFIX sandbox.allow_write_path HOMEBREW_PREFIX
sandbox.deny_write_homebrew_library sandbox.deny_write_homebrew_repository
sandbox.exec(*args) sandbox.exec(*args)
else else
exec(*args) exec(*args)

10
Library/Homebrew/sandbox.rb
View File

@ -84,10 +84,14 @@ class Sandbox
allow_write_path formula.logs allow_write_path formula.logs
end end
def deny_write_homebrew_library def deny_write_homebrew_repository
deny_write_path HOMEBREW_LIBRARY
deny_write_path HOMEBREW_REPOSITORY/".git"
deny_write HOMEBREW_BREW_FILE deny_write HOMEBREW_BREW_FILE
if HOMEBREW_PREFIX.to_s != HOMEBREW_REPOSITORY.to_s
deny_write_path HOMEBREW_REPOSITORY
else
deny_write_path HOMEBREW_LIBRARY
deny_write_path HOMEBREW_REPOSITORY/".git"
end
end end
def exec(*args) def exec(*args)