- #Vim brew macports install#
- #Vim brew macports update#
- #Vim brew macports software#
- #Vim brew macports code#
- #Vim brew macports download#
MacPorts allows the installation of a number of packages by entering the command sudo port install packagename in the Terminal, which will then download, compile if necessary, and install the requested software, while also installing any required dependencies automatically. It's similar in function to Fink and the BSD ports collections.
#Vim brew macports software#
It is an open-source software project that aims to simplify the installation of other open source software. And the resulting environment on your system in /opt is - as a result - better protected.MacPorts, formerly called DarwinPorts, is a package management system that simplifies the installation of software on the macOS and Darwin operating systems.
#Vim brew macports download#
Given that you download Ports from a common repo with reasonably strict access control, the risk is minimal, I think.
The MacPorts system installs software using su privileges, so you have to trust the fact that the "Port" has not been tampered with using patches or alternate source downloads (MacPorts compiles software, no binaries are downloaded, which I think is an advantage as well). I started out with homebrew (as it is mentioned everywhere) but as homebrew does not have (probably is pretty much incapable in a reasonable way) postfix, I started looking into MacPorts and got convinced MacPorts is better (for me). So, on my macOS Server, where I am running postfix, dovecot, nginx, minio, etc. The price to pay is that you have to do all the LCM and patching (by updating ports).
#Vim brew macports update#
MacPorts having its own library tree and being fully independent from macOS itself is also important for me, I don't want a macOS update kill my MacPorts additions (as these are services multiple users will depend on them). The fact that homebrew opens up /usr/local has been one of the reasons for me to move to MacPorts (the other was that MacPorts is better when the target is system-level additions, which may include all kinds of things that require su privileges to install properly so they are installed safely). If an attacker / malware / etc has already gotten inside your account, then they have all your data, it's only a matter of time until they keylog you typing your sudo password, so do you really care whether they install further malware in /usr/local/bin or put it in /home/myuser and add that to your path? The end result is the same. Single-user personal computerįor all intents and purposes, there is only one user on your laptop. So I would agree with you that this is a problem on a multi-user server.
#Vim brew macports code#
Therefore I could put a malacious program called ls in /usr/local/bin and the next time someone tries to navigate the filesystem, my code will run inside their user account. So assuming that other users have the same bash config as me, then it looks in /usr/local/bin first. usr/local/bin:/usr/bin:/home/mike/bin:/usr/local/sbin:/usr/sbin I don't have access to a Mac, but I assume my linux box is similar enough /usr/local/bin is empty (nothing to replace) but $ echo $PATH On a multi-user system like a server where there are other users logged in, this would be a big problem. How big of a problem is this? Multi-user system What are the risks?Īs you point out, your user (or anyone in the admin group, or any virus that manages to run as you) can now install software, including over-writing default system stuff. Homebrew changes the permissions of /usr/local/bin from the default drwxr-xr-x root wheel to the less secure drwxrwxr-x myuser admin. If I am understanding your question correctly, it boils down to:
Looks to me as if /usr/local/bin is wide open and the binaries there can in effect take the place of any Apple programs. I realize that installing hacked stuff is going to end badly regardless, so, assuming brew/port are OK and the installed package isn't corrupted either, what about the implications of either approach when it comes to other malware trying to alter your system? Is there a real difference between those 2 approaches? What happens if either port or brew itself has been hacked? What if the package you're installing has been hacked? I believe, from, that /usr/local/bin, before homebrew, starts out as root-writeable only: drwxr-xr-x 26 root wheel - 884 Oct 17 03:36 bin Trimming out other software, this is my $PATH order: /opt/local/bin #macports Cellar/packer/1.2.5/bin/packerĭrwxrwxr-x 41 myuser admin 1394 7 Aug 14:28 bin Lrwxr-xr-x 1 myuser admin 33 7 Aug 14:28 /usr/local/bin/packer ->. Sudo port install tesseract homebrew bin$ which packer rwxr-xr-x 1 root admin 28120 /opt/local/bin/tesseractĭrwxr-xr-x 719 root admin 24446 6 Aug 19:55 bin
Binaries are useable from /opt/local/bin/, i.e.
0 kommentar(er)
