safer 'install' task #61
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
may get high permission when installing change behavior to avoid dangerous building while installing now installation will never do building
'safe_config' will never recheck safer to be used in 'install'
|
Ok, I'll find a better solution to fix this problem in the next few days. Thanks. : ) |
|
I have found an example: if run linuxbrew as root, linuxbrew will give a note then stop $ sudo brew
W: be careful as root.
========================================================================
You may want to update following environments after installed linuxbrew.
PATH, MANPATH, INFOPATH
(example: /usr/share/doc/linuxbrew-wrapper/examples/profile)
========================================================================
Don't run this as root! |
|
Ok, thanks for your advice. I am solving this problem, please wait some time. : ) |
|
You can try the lastest commit 235bb96 from dev branch firstly. And I will continue to improve some details in future. |
ghost
deleted the
|
Would you add a note displaying like brew? |
|
Ok, I will add it. |
ghost
mentioned this pull request
|
I have add it for checking root. You can see the following tips: $sudo xmake |
|
I see. Good job! 🍺 |
ghost
mentioned this pull request
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request is trying to fix a problem about security
When installing something, users take it for granted to give command higher permission. I think most users use
sudo xmake installinstead ofxmake install, because installing will put files into paths like/usr/localand root permission is required.That is the problem. I found xmake will always build the target before installing even if it has been built before. And the building is a latent danger. For example, a bad man replace the compiler like gcc, and while installing, the fake gcc will get root permission to do something bad.
There are two solutions to avoid this. One is to set permission lower by process self before actual installation. Another is to do least things with high permission. My solution is to let task 'install' avoid building and use 'safe_config' which will not reconfig instead of 'config'. When users directly do task 'install' without building before, they will get a note to do building.
Also, except security, the build by root will generate result files with wrong owner. On my computer, after installation, I couldn't even delete 'build' dir without
sudoMy solution may be not perfect enough. Please do not merge easily. But the secure problem must be fixed.