diff options
| author | Mike McQuaid | 2016-12-13 00:13:20 +0000 |
|---|---|---|
| committer | Mike McQuaid | 2016-12-13 00:13:20 +0000 |
| commit | 2b547583a3d147ad06ae26bbc1bcbaf8ce0ce9fb (patch) | |
| tree | 39f0ff3a0aa7949ba91bd64140b9ac3ef222628c | |
| parent | 666463ca2be08261cf103e4870b267f5b461a7f3 (diff) | |
| download | brew-2b547583a3d147ad06ae26bbc1bcbaf8ce0ce9fb.tar.bz2 | |
postinstall: don't allow writes to prefix itself.
Only the top-level directories inside it. We don't want formulae writing
random junk in e.g. `/usr/local` even in `postinstall`.
| -rw-r--r-- | Library/Homebrew/cmd/postinstall.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb index e8855b09e..8808a2602 100644 --- a/Library/Homebrew/cmd/postinstall.rb +++ b/Library/Homebrew/cmd/postinstall.rb @@ -37,8 +37,10 @@ module Homebrew sandbox.allow_write_log(formula) sandbox.allow_write_xcode sandbox.deny_write_homebrew_repository - sandbox.allow_write_path HOMEBREW_PREFIX sandbox.allow_write_cellar(formula) + Keg::TOP_LEVEL_DIRECTORIES.each do |dir| + sandbox.allow_write_path "#{HOMEBREW_PREFIX}/#{dir}" + end sandbox.exec(*args) else exec(*args) |