It doesn't have to be a malicious attack, either: just a simple bug in the build system would suffice.
But that's exactly what Macports does in its default configuration, and that's what Homebrew would require if you used it with a non-writeable /usr/local.
When you build software by hand, without a package manager, do you ever do it as root? I sure don't. This is Mac OS X we're talking about: if you've written an exploit like that, why would you bother attacking apps in a directory that doesn't even exist on the vast majority of Mac installs when you could just as easily modify something in /Applications instead, and exploit practically all of them?Īnyway, back to the dangers of using sudo with Homebrew or Macports. I think it's much more likely that something bad will happen during a build with 'sudo brew install some-package' than someone successfully hijacking, say, my Safari session and then installing a trojan in my user-writable /usr/local directory.
