Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

brew.sh: Don't allow system tmp dirs as prefixes #4397

Merged
merged 14 commits into from Jul 3, 2018
Merged

brew.sh: Don't allow system tmp dirs as prefixes #4397

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
35138dd
brew.sh: Don't allow system tmp dirs as prefixes
woodruffw Jun 30, 2018
949c0cc
brew.sh: Use realpath to calculate tmpdir
woodruffw Jun 30, 2018
42bd544
brew.sh: Typo
woodruffw Jun 30, 2018
b6a0b04
brew.sh: Tweak language
woodruffw Jun 30, 2018
c552e65
brew.sh: Remove trailing / from prefix in message
woodruffw Jun 30, 2018
696a1d1
bin/brew: Set HOMEBREW_TEMP, allow export
woodruffw Jun 30, 2018
d7cdc9b
config: Ensure HOMEBREW_TEMP is absolute
woodruffw Jun 30, 2018
8e4aab9
brew.sh: Test HOMEBREW_TEMP, not hardcoded tmpdir
woodruffw Jun 30, 2018
72bc6b1
config: Remove /tmp fallback
woodruffw Jul 1, 2018
a8bcb5d
bin/brew: Revert allowing export of TEMP
woodruffw Jul 1, 2018
039a4ee
brew.sh: Move HOMEBREW_TEMP declaration
woodruffw Jul 1, 2018
bde7c6b
brew.sh: Use bashisms for default values
woodruffw Jul 1, 2018
68d3dc1
brew.sh: Only do tmpdir check on macOS
woodruffw Jul 1, 2018
fd01415
brew.sh: Upcase var, tweak error language
woodruffw Jul 2, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
14 changes: 14 additions & 0 deletions Library/Homebrew/brew.sh
View file
Open in desktop
Expand Up @@ -144,6 +144,7 @@ export HOMEBREW_BREW_FILE
export HOMEBREW_PREFIX
export HOMEBREW_REPOSITORY
export HOMEBREW_LIBRARY
export HOMEBREW_TEMP

# Declared in brew.sh
export HOMEBREW_VERSION
Expand Down Expand Up @@ -294,6 +295,19 @@ EOS
}
check-run-command-as-root

check-prefix-is-not-tmpdir() {
if [[ "${HOMEBREW_PREFIX}" = "${HOMEBREW_TEMP}"* ]]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wants guarded to macOS only, check against the system temp rather than just HOMEBREW_TEMP (maybe a HOMEBREW_SYSTEM_TEMP var?) and use that directory in the output, too.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HOMEBREW_SYSTEM_TEMP could be potentially used wherever private/tmp is hardcoded, too.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check against the system temp rather than just HOMEBREW_TEMP

I might be misunderstanding, but: won't this leave open the case where they set both their prefix and their temp to something weird, e.g., $HOME? We want to stop all situations where Homebrew is both installing to and using the same prefix as a temporary directory, not just /private/tmp.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@woodruffw Ok so is it fine to e.g. have the prefix in /tmp if HOMEBREW_TEMP is set elsewhere?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, exactly.

then
odie <<EOS
Your HOMEBREW_PREFIX is in the system temporary directory, which Homebrew
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe worth just saying e.g. /private/tmp? Also, should we do this on Linux or with a different directory?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought that the connection between /tmp and /private/tmp might confuse some users (Apple links /tmp to /private/tmp for FHS compliance), so I just went with "system temporary directory." I can change it/add those directories to the message if you think it'll improve the error, though.

The relocation code at fault isn't used on Linux, so Linuxbrew users might not encounter this problem at all. I'll confirm that in a bit with some local testing.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HOMEBREW_TEMP isn't necessary the system temporary directory. To expand on my previous comment (and avoid the autohiding): is the issue if:

  • the prefix is in the system temporary directory
  • the prefix is the in the HOMEBREW_TEMP temporary directory
  • either

We should ensure that the wording makes that clear and the logic is as minimal as possible to the actual problems we've seen people experience.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue is when the prefix is in the HOMEBREW_TEMP temporary directory. I'll correct the language here 🙂

uses to store downloads and builds. You can resolve this by installing Homebrew to
either the standard prefix (/usr/local) or to a non-standard prefix that is not
in the system temporary directory.
EOS
fi
}
check-prefix-is-not-tmpdir

if [[ "$HOMEBREW_PREFIX" = "/usr/local" &&
"$HOMEBREW_PREFIX" != "$HOMEBREW_REPOSITORY" &&
"$HOMEBREW_CELLAR" = "$HOMEBREW_REPOSITORY/Cellar" ]]
Expand Down
2 changes: 1 addition & 1 deletion Library/Homebrew/config.rb
View file
Open in desktop
Expand Up @@ -39,7 +39,7 @@
HOMEBREW_LOGS = Pathname.new(ENV["HOMEBREW_LOGS"] || "~/Library/Logs/Homebrew/").expand_path

# Must use /tmp instead of $TMPDIR because long paths break Unix domain sockets
HOMEBREW_TEMP = Pathname.new(ENV.fetch("HOMEBREW_TEMP", "/tmp"))
HOMEBREW_TEMP = Pathname.new(ENV.fetch("HOMEBREW_TEMP", "/tmp")).realpath
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will never be unset/set to /tmp now.


unless defined? HOMEBREW_LIBRARY_PATH
# Root of the Homebrew code base
Expand Down
3 changes: 2 additions & 1 deletion bin/brew
View file
Open in desktop
Expand Up @@ -21,6 +21,7 @@ symlink_target_directory() {
BREW_FILE_DIRECTORY="$(quiet_cd "${0%/*}/" && pwd -P)"
HOMEBREW_BREW_FILE="${BREW_FILE_DIRECTORY%/}/${0##*/}"
HOMEBREW_PREFIX="${HOMEBREW_BREW_FILE%/*/*}"
HOMEBREW_TEMP="${HOMEBREW_TEMP:-/private/tmp}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this upset Linux? Worth setting in brew.sh to a different default for macOS and not-macOS?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, /private/tmp is macOS only. Moving it to brew.sh sounds good.


# Default to / prefix if unset or the bin/brew file.
if [[ -z "$HOMEBREW_PREFIX" || "$HOMEBREW_PREFIX" = "$HOMEBREW_BREW_FILE" ]]
Expand Down Expand Up @@ -72,7 +73,7 @@ then

FILTERED_ENV=()
# Filter all but the specific variables.
for VAR in HOME SHELL PATH TERM COLUMNS LOGNAME USER CI TRAVIS SSH_AUTH_SOCK SUDO_ASKPASS \
for VAR in HOME SHELL PATH TEMP TERM COLUMNS LOGNAME USER CI TRAVIS SSH_AUTH_SOCK SUDO_ASKPASS \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we want to add this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I misread this code. I thought this was explicitly whitelisting HOMEBREW_TEMP, but I guess it would clobber it instead.

http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY \
"${!HOMEBREW_@}" "${!TRAVIS_@}"
do
Expand Down