[MacPorts] #70016: destroot phase does not confine process to destroot directory
MacPorts
noreply at macports.org
Fri May 17 21:36:39 UTC 2024
#70016: destroot phase does not confine process to destroot directory
------------------------+--------------------
Reporter: mohd-akram | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.9.3
Keywords: | Port:
------------------------+--------------------
Currently, a portfile can write to anywhere outside the destroot directory
in the destroot phase. This is problematic because a port might not have
proper support for DESTDIR and might end up polluting directories outside
its scope. It's also problematic to have this phase run as root which I
imagine is not necessary in 99% of cases, and in cases where it might be
necessary (eg. chown, chmod), that should be handled in a declarative
manner ideally or at the very minimum be opt-in via destroot.asroot until
that option is available.
--
Ticket URL: <https://trac.macports.org/ticket/70016>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list