drduh / macOS-Security-and-Privacy-Guide

Guide to securing and improving privacy on macOS

Home Page: https://drduh.github.io/macOS-Security-and-Privacy-Guide/

Homebrew permissions on /usr/local/

elder-n00b opened this issue

Considering the security and privacy context, I would caution about Homebrew downgrading permissions on /usr/local/.
That allows any unprivileged user (and hence, process) to install potentially harmful executable files there.

This is why I initially refused to use Homebrew when I got a Mac, but people told me it'll be alright ... so I installed it eventually...

Is it possible to install as root instead? I believe I looked into that but they discouraged me doing it, as all scripts would then run as root (why?).

What's a good solution? Just chown everything when brew is not in use?

I install it on my home directory. Never gave me any trouble after all these years.

> I install it on my home directory. Never gave me any trouble after all these years.

Well it's great that you got lucky.

commented

This is a low to non-existent risk. If an adversary has code execution on your computer, the ability to write to a privileged /usr/local directory is perhaps the least of your concerns. If it bothers you, use a directory in $HOME.
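
As an added example that is not part of the thread or the guide: a shell script that checks the concern raised in the issue by listing which `PATH` directories can be modified without root and which of those are searched before `/usr/bin`. The function names are hypothetical, and it assumes `ls -ldnL` prints the mode string and numeric owner as fields 1 and 3, as macOS and GNU `ls` do.

```shell
#!/bin/sh
# Added example: find PATH directories that a non-root process could modify.

# classify_dir DIR -> prints missing, world-writable, group-writable,
# non-root-owner or ok (first match wins).
classify_dir() {
    [ -d "$1" ] || { echo missing; return; }
    # -n: numeric uid, -L: follow symlinks (e.g. /bin -> usr/bin)
    info=$(ls -ldnL -- "$1" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }
    case $mode in
        ????????w*) echo world-writable ;;   # 9th char: "other" write bit
        ?????w*)    echo group-writable ;;   # 6th char: group write bit
        *) if [ "$uid" -eq 0 ]; then echo ok; else echo non-root-owner; fi ;;
    esac
}

# audit_path [PATHSTRING] -> one "status<TAB>position<TAB>dir" line per entry.
audit_path() {
    pos=0
    old_ifs=$IFS
    IFS=:
    for dir in ${1:-$PATH}; do
        IFS=$old_ifs
        pos=$((pos + 1))
        # An empty PATH entry means the current directory.
        printf '%s\t%s\t%s\n' "$(classify_dir "${dir:-.}")" "$pos" "${dir:-.}"
    done
    IFS=$old_ifs
}

# shadowing_dirs [PATHSTRING] -> directories writable without root that are
# searched before /usr/bin, where a file could shadow a system command.
shadowing_dirs() {
    audit_path "${1:-$PATH}" | awk -F '\t' '
        $3 == "/usr/bin" { seen = 1 }
        !seen && $1 != "ok" && $1 != "missing" { print $3 }'
}

# Report on the current shell's PATH.
audit_path "$PATH"
```

A Homebrew prefix owned by the login user, whether `/usr/local` or a directory in `$HOME`, shows up as `non-root-owner`; `shadowing_dirs` then shows whether it sits ahead of `/usr/bin` in the search order.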