sandbox: fix the rules

1. `script` (used to fake the tty) requires write access to /dev/ptmx
and /dev/ttys*
2. sandbox profile only accepts `[0-9]` instead of `\d`.
Xu Cheng 2015-05-10 17:39:53 +08:00
parent a80c2ae06f
commit 64c0927087


@ -110,10 +110,11 @@ class Sandbox
(debug deny) ; log all denied operations to /var/log/system.log (debug deny) ; log all denied operations to /var/log/system.log
<%= rules.join("\n") %> <%= rules.join("\n") %>
(allow file-write* (allow file-write*
(literal "/dev/ptmx")
(literal "/dev/dtracehelper") (literal "/dev/dtracehelper")
(literal "/dev/null") (literal "/dev/null")
(regex #"^/dev/fd/\\d+$") (regex #"^/dev/fd/[0-9]+$")
(regex #"^/dev/tty\\d*$") (regex #"^/dev/ttys?[0-9]*$")
) )
(deny file-write*) ; deny non-whitelist file write operations (deny file-write*) ; deny non-whitelist file write operations
(allow default) ; allow everything else (allow default) ; allow everything else
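Review bot: The widened rule `(regex #"^/dev/ttys?[0-9]*$")` allows writes to every pty slave node, not just the one `script` allocates for the build. A sandboxed process could therefore write to any other terminal the same user owns, with ordinary device permissions as the only remaining barrier. The pty number is presumably not known when the profile is rendered, so narrowing the pattern may not be practical, but the trade-off should be recorded beside the rule, for example `(literal "/dev/ptmx") ; script(1) opens the pty master to fake a tty` and, on the regex line, `; any pty slave: the one script gets is not known in advance`. The same comment block could also note that the profile language does not support `\d`, so the next edit does not reintroduce it. The `Sandbox` class and the profile template continue outside this hunk.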