Homebrew permissions on /usr/local/
elder-n00b opened this issue · comments
Considering the security and privacy context, I would caution about Homebrew downgrading permissions on /usr/local/
.
That allows any unprivileged user (and hence, process) to install potentially harmful executable files there.
This is why I initially refused to use Homebrew when I got a Mac, but people told me it'll be alright ... so I installed it eventually...
Is it possible to install as root instead? I believe I looked into that but they discouraged me doing it, as all scripts would then run as root
(why?).
What's a good solution? Just chown
everything when brew is not in use?
I install it on my home directory. Never gave me any trouble after all these years.
I install it on my home directory. Never gave me any trouble after all these years.
Well it's great that you got lucky.
This is a low to non-existent risk. If an adversary has code execution on your computer, the ability to write to a privileged /usr/local directory is perhaps the least of your concerns. If it bothers you, use a directory in $HOME.