author Martin Afanasjew 2016-04-07 22:09:14 +0200
committer Martin Afanasjew 2016-04-08 00:04:15 +0200
commit d7aa0c0335dd67e4151503f3a29d7089c57059c3 (patch)
tree 23f05b155acf614ab634da9afd090cad8fed969e
parent d5085edce0b5482771c66cfe3e2c013ee3ca90f6 (diff)
download brew-d7aa0c0335dd67e4151503f3a29d7089c57059c3.tar.bz2
scm/git: prevent exec bomb with 'env :userpaths'

Using `git` from `Formula#install` can cause an exec bomb if used in a formula with `env :userpaths` because that causes both `Library/ENV/4.3` and `Library/ENV/scm` to be in PATH, both of which contain a `git` binary that is the same SCM wrapper. Those will mutually exec each other indefinitely as they fail to detect that they are the same wrapper. Extend the exec-bomb protection to check the paths after all symbolic links have been expanded to prevent this situation.

Fixes #43.
Fixes Homebrew/homebrew-core#133.
Fixed Homebrew/homebrew-core#143.

Closes #46.
Signed-off-by: Martin Afanasjew <martin@afanasjew.de>

-rwxr-xr-x Library/ENV/scm/git 5
1 files changed, 4 insertions, 1 deletions

diff --git a/Library/ENV/scm/git b/Library/ENV/scm/git
index 05148339a..1e74a175d 100755
--- a/Library/ENV/scm/git
+++ b/Library/ENV/scm/git
@@ -13,13 +13,16 @@ exec "$HOMEBREW_RUBY_PATH" -x "$0" "$@"
# This script because we support $GIT, $HOMEBREW_SVN, etc., Xcode-only and
# no Xcode/CLT configurations. Order is careful to be what the user would want.
+require "pathname"
+
+SELF_REAL = Pathname.new(__FILE__).realpath
F = File.basename(__FILE__).freeze
D = File.expand_path(File.dirname(__FILE__)).freeze
def exec(*args)
# prevent fork-bombs
arg0 = args.first
- return if arg0 =~ /^#{F}/i || File.expand_path(arg0) == File.expand_path(__FILE__)
+ return if arg0 =~ /^#{F}/i || Pathname.new(arg0).realpath == SELF_REAL
super
end
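
Review bot: on the changed `return if` line in `exec`, `Pathname.new(arg0).realpath` raises `Errno::ENOENT` when `arg0` does not resolve to an existing file (a bare command name is resolved against the current directory, not PATH), whereas the `File.expand_path` comparison it replaces never raised. Unless every caller only passes a path it has already confirmed exists, guard the comparison, for example `File.exist?(arg0) && Pathname.new(arg0).realpath == SELF_REAL`, or rescue the error and fall through to `super`, so the exec-bomb check cannot itself abort the wrapper. A short comment next to `SELF_REAL` saying that it exists to catch the same wrapper reached through a symlinked directory would also help, since the existing `# prevent fork-bombs` comment does not explain why `realpath` is needed.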