From d00f35b8c4dcdcbf86074015f0471f27e3dc2aaa Mon Sep 17 00:00:00 2001
From: Yoshimasa Niwa
Date: Sun, 9 Oct 2016 13:27:31 -0700
Subject: FIX: cask changes /usr/local ownership recursively

Relatively old code in Hbc::Caskroom recursively changes the ownership
of the directory where the Caskroom directory exists, that changes
entire files in /usr/local to user:staff if Homebrew setup with default
configuration.
This is really dangerous because it's easy to trigger (just simply type
`brew cask something` by following some installation documentation.)

This patch removes entire `chown` with -R option and make the logic
simply creating Caskroom directory with default Homebrew directories
ownership and permission.
---
 Library/Homebrew/cask/lib/hbc/caskroom.rb | 31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)

(limited to 'Library')

diff --git a/Library/Homebrew/cask/lib/hbc/caskroom.rb b/Library/Homebrew/cask/lib/hbc/caskroom.rb
index 583cac34a..6375345ee 100644
--- a/Library/Homebrew/cask/lib/hbc/caskroom.rb
+++ b/Library/Homebrew/cask/lib/hbc/caskroom.rb
@@ -13,7 +13,7 @@ module Hbc
         FileUtils.mv repo_caskroom, Hbc.caskroom
       else
         opoo "#{Hbc.caskroom.parent} is not writable, sudo is needed to move the Caskroom."
-        system "/usr/bin/sudo", "--", "/bin/mv", "--", repo_caskroom.to_s, Hbc.caskroom.parent.to_s
+        sudo "/bin/mv", repo_caskroom.to_s, Hbc.caskroom.parent.to_s
       end
     end
 
@@ -21,24 +21,17 @@ module Hbc
       return if Hbc.caskroom.exist?
 
       ohai "Creating Caskroom at #{Hbc.caskroom}"
-      if Hbc.caskroom.parent.writable?
-        Hbc.caskroom.mkpath
-      else
-        ohai "We'll set permissions properly so we won't need sudo in the future"
-        toplevel_dir = Hbc.caskroom
-        toplevel_dir = toplevel_dir.parent until toplevel_dir.parent.root?
-        unless toplevel_dir.directory?
-          # If a toplevel dir such as '/opt' must be created, enforce standard permissions.
-          # sudo in system is rude.
-          system "/usr/bin/sudo", "--", "/bin/mkdir", "--",         toplevel_dir
-          system "/usr/bin/sudo", "--", "/bin/chmod", "--", "0775", toplevel_dir
-        end
-        # sudo in system is rude.
-        system "/usr/bin/sudo", "--", "/bin/mkdir", "-p", "--", Hbc.caskroom
-        unless Hbc.caskroom.parent == toplevel_dir
-          system "/usr/bin/sudo", "--", "/usr/sbin/chown", "-R", "--", "#{Utils.current_user}:staff", Hbc.caskroom.parent.to_s
-        end
-      end
+      ohai "We'll set permissions properly so we won't need sudo in the future"
+
+      sudo "/bin/mkdir", "-p", Hbc.caskroom
+      sudo "/bin/chmod", "g+rwx", Hbc.caskroom
+      sudo "/usr/sbin/chown", Utils.current_user, Hbc.caskroom
+      sudo "/usr/bin/chgrp", "admin", Hbc.caskroom
+    end
+
+    def sudo(*args)
+      ohai "/usr/bin/sudo #{args.join(" ")}"
+      system "/usr/bin/sudo", *args
     end
   end
 end
-- 
cgit v1.2.3