Skip to content

C
cocoapods
Commit bc38c7ed authored by Eloy Durán's avatar Eloy Durán
Browse files
Options

[Sandbox] Reading from paths that contain executables should be safe.

parent 48ead16b
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 1 deletion
bin/sandbox-pod
View file @ bc38c7ed
......@@ -37,6 +37,7 @@ ruby_prefix = RbConfig::CONFIG['prefix']
prefixes = ['/bin', '/usr/bin']
prefixes << `brew --prefix`.strip unless `which brew`.strip.empty?
# TODO add MacPorts. More?
developer_prefix = `xcode-select --print-path`.strip
xcode_app_path = File.expand_path('../..', developer_prefix)
......@@ -47,7 +48,7 @@ profile = ERB.new(DATA.read, 0, '>').result(TOPLEVEL_BINDING)
puts profile
command = ['/usr/bin/sandbox-exec', '-p', profile, pod_bin, *ARGV]
puts command
#puts command
exec *command
......@@ -98,6 +99,9 @@ __END__
#"^<%= pod_prefix %>"
#"^<%= xcode_app_path %>"
#"^<%= Pod::Config.instance.repos_dir %>"
<% prefixes.each do |prefix| %>
#"^<%= prefix %>/*"
<% end %>
)
)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment