(iirc, the reason we use an intermediate shell has to do with Ruby 1.8 and 1.9/2.x differences)
When we drop Ruby 1.8.7 support, we should:
- Make the download commands use arrays of commands instead of string commands. This way we can spawn subprocesses without the need for a shell. This ensures we’ll no longer have the chance for breakage related to spaces in paths and/or other characters that might need to be spaced before using in a shell.
- Use OS X sandboxing to limit access of the invoked command to just network access and write access to the destination dir. This ensures that a command (coming from a podspec's source attribute) can no longer inject malicious commands that invoke commands other than the download command in question (e.g. git) and cannot make FS changes outside of the destination dir where it is expected to make changes.
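
The difference between string commands and arrays of commands, as an added Ruby example (not code from this issue or from the project). It assumes `Open3.capture2e` as the spawning call and uses a child Ruby process as a stand-in for the download tool; `CHILD`, `SAMPLE_ARGS`, `run_via_shell` and `run_direct` are hypothetical names, and the URL and path are constructed sample values.

```ruby
require 'open3'
require 'rbconfig'
require 'shellwords'

# Stand-in for the download tool (assumption: a child Ruby that prints the
# number of arguments it received, then each argument on its own line).
CHILD = [RbConfig.ruby, '-e', 'puts ARGV.length; puts ARGV', '--'].freeze

# Constructed sample: a source URL and a destination containing a space and
# a shell metacharacter, as could arrive via a podspec's source attribute.
SAMPLE_ARGS = ['https://example.invalid/repo.git',
               '/tmp/My Pods/lib; echo injected'].freeze

# String form: a single command line is handed to /bin/sh, which re-splits
# it on whitespace and interprets ';' as a command separator.
def run_via_shell(args)
  line = (CHILD.map(&:shellescape) + args).join(' ')
  out, _status = Open3.capture2e(line)
  out.lines.map(&:chomp)
end

# Array form: each element becomes exactly one argv entry of the child and
# no shell is involved, so nothing is split or interpreted.
def run_direct(args)
  out, _status = Open3.capture2e(*CHILD, *args)
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell : #{run_via_shell(SAMPLE_ARGS).inspect}"
  puts "direct: #{run_direct(SAMPLE_ARGS).inspect}"
end
```

In the string form the child receives three arguments and the shell runs the trailing `echo` as a second command; in the array form the child receives the two values unchanged.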