Commit bc38c7ed authored by Eloy Durán's avatar Eloy Durán

[Sandbox] Reading from paths that contain executables should be safe.

parent 48ead16b
...@@ -37,6 +37,7 @@ ruby_prefix = RbConfig::CONFIG['prefix'] ...@@ -37,6 +37,7 @@ ruby_prefix = RbConfig::CONFIG['prefix']
prefixes = ['/bin', '/usr/bin'] prefixes = ['/bin', '/usr/bin']
prefixes << `brew --prefix`.strip unless `which brew`.strip.empty? prefixes << `brew --prefix`.strip unless `which brew`.strip.empty?
# TODO add MacPorts. More?
developer_prefix = `xcode-select --print-path`.strip developer_prefix = `xcode-select --print-path`.strip
xcode_app_path = File.expand_path('../..', developer_prefix) xcode_app_path = File.expand_path('../..', developer_prefix)
...@@ -47,7 +48,7 @@ profile = ERB.new(DATA.read, 0, '>').result(TOPLEVEL_BINDING) ...@@ -47,7 +48,7 @@ profile = ERB.new(DATA.read, 0, '>').result(TOPLEVEL_BINDING)
puts profile puts profile
command = ['/usr/bin/sandbox-exec', '-p', profile, pod_bin, *ARGV] command = ['/usr/bin/sandbox-exec', '-p', profile, pod_bin, *ARGV]
puts command #puts command
exec *command exec *command
...@@ -98,6 +99,9 @@ __END__ ...@@ -98,6 +99,9 @@ __END__
#"^<%= pod_prefix %>" #"^<%= pod_prefix %>"
#"^<%= xcode_app_path %>" #"^<%= xcode_app_path %>"
#"^<%= Pod::Config.instance.repos_dir %>" #"^<%= Pod::Config.instance.repos_dir %>"
<% prefixes.each do |prefix| %>
#"^<%= prefix %>/*"
<% end %>
) )
) )
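Review bot: The pattern added in the `prefixes.each` loop, `#"^<%= prefix %>/*"`, is looser than a directory prefix, because `/*` means "zero or more slashes". `^/usr/bin/*` therefore also matches a sibling such as `/usr/bin-other/...` (constructed example), and if `brew --prefix` ever prints nothing the rule becomes `^/*`, which matches every path. The prefix is also interpolated unescaped, so a `.` or other metacharacter in a Homebrew or Ruby prefix is read as regex syntax. I would anchor on the separator and skip empty entries, e.g. `<% prefixes.reject(&:empty?).each do |prefix| %>` with `#"^<%= prefix %>/"`, and escape the prefix for the profile's regex dialect. The enclosing rule starts above the hunk, so the operation this widens (reads, going by the commit title) is inferred rather than visible here.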
......