Sure, as many other software with vulnerability, but with local software like br... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		fibo on April 18, 2016 \| parent \| context \| favorite \| on: Remote code execution, git, and OS X Sure, as many other software with vulnerability, but with local software like brew (I wrote also [dotsoftware](http://g14n.info/dotsoftware) for the same reasons) you don't have it in your PATH so you are not using it. Using local software has many benefits, among others, a shorter release cycle.

dchest on April 18, 2016 [–]

As I said, one config mistake or running a script which uses /usr/bin/git and you're subject to RCE. For example, many GUI programs, such as Atom editor, when not launched from terminal, don't know your PATH.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact