diff options
| author | Mike McQuaid | 2016-11-06 20:42:13 +0000 |
|---|---|---|
| committer | GitHub | 2016-11-06 20:42:13 +0000 |
| commit | 586b35fe29a2bcf3edc6869345e425df6df4a78c (patch) | |
| tree | 132dfde4feeb0df5b0fa269ff658395a58a1ad8a | |
| parent | 58f21b51c9b961f2f4195fe6e048d515b27e27ba (diff) | |
| parent | eabdbde3f0b7d34de8233e8f886fea10d2922a9e (diff) | |
| download | brew-586b35fe29a2bcf3edc6869345e425df6df4a78c.tar.bz2 | |
Merge pull request #1452 from MikeMcQuaid/disable-root
brew.sh: disable running Homebrew as root.
| -rw-r--r-- | Library/Homebrew/brew.sh | 38 |
1 files changed, 9 insertions, 29 deletions
diff --git a/Library/Homebrew/brew.sh b/Library/Homebrew/brew.sh index 8a6ceff8f..53eca59b8 100644 --- a/Library/Homebrew/brew.sh +++ b/Library/Homebrew/brew.sh @@ -239,41 +239,21 @@ fi check-run-command-as-root() { [[ "$(id -u)" = 0 ]] || return - export HOMEBREW_NO_SANDBOX="1" + # Homebrew Cask may need `sudo` for system-wide installation. [[ "$HOMEBREW_COMMAND" = "cask" ]] && return + + # Homebrew Services may need `sudo` for system-wide daemons. [[ "$HOMEBREW_COMMAND" = "services" ]] && return + + # It's fine to run this as root as it's not changing anything. [[ "$HOMEBREW_COMMAND" = "--prefix" ]] && return - onoe <<EOS -Running Homebrew as root is extremely dangerous. As Homebrew does not -drop privileges on installation you are giving all build scripts full access -to your system. As a result of the macOS sandbox not handling the root user -correctly HOMEBREW_NO_SANDBOX has been set so the sandbox will not be used. If -we have not merged a pull request to add privilege dropping by November 1st -2016 running Homebrew as root will be disabled. No Homebrew maintainers plan -to work on this functionality. + odie <<EOS +Running Homebrew as root is extremely dangerous and no longer supported. +As Homebrew does not drop privileges on installation you would be giving all +build scripts full access to your system. EOS - - case "$HOMEBREW_COMMAND" in - analytics|create|install|link|migrate|pin|postinstall|reinstall|switch|tap|\ - tap-pin|update|upgrade|vendor-install) - ;; - *) - return - ;; - esac - - local brew_file_ls_info=($(ls -nd "$HOMEBREW_BREW_FILE")) - if [[ "${brew_file_ls_info[2]}" != 0 ]] - then - odie <<EOS -Cowardly refusing to 'sudo brew $HOMEBREW_COMMAND' -You can use brew with sudo, but only if the brew executable is owned by root. -However, this is both not recommended and completely unsupported so do so at -your own risk. -EOS - fi } check-run-command-as-root |