Description
(iirc, the reason we use an intermediate shell has to do with Ruby 1.8 and 1.9/2.x differences)
When we drop Ruby 1.8.7 support, we should:
- Make the download commands use arrays of commands instead of string commands; this way we can spawn subprocesses without the need for a shell. This ensures we'll no longer have the chance for breakage related to spaces in paths and/or other characters that might need to be escaped before using in a shell.
- Use OS X sandboxing to limit access of the invoked command to just network access and write access to the destination dir. This ensures that a command (coming from a podspec's source attribute) can no longer inject malicious commands that invoke commands other than the download command in question (e.g. `git`) and cannot make FS changes outside of the destination dir where it is expected to make changes.
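An added Ruby example (not CocoaPods code) of the first item: the download command built as an argv array, next to how a POSIX shell would tokenize the equivalent string form. The URL and destination path are constructed values, and Ruby itself stands in for the download tool so the demo runs offline; it assumes a Ruby with `Open3.capture2` (1.9.3 or later, which is the point of dropping 1.8.7).

```ruby
require 'open3'
require 'rbconfig'
require 'shellwords'

# Build the download command as an argv array. Each element reaches the
# child process as exactly one argument; no shell parses it, so spaces and
# metacharacters in url/dest are literal data rather than syntax.
def argv_for_download(tool, url, dest)
  [tool, 'clone', url, dest]
end

# Show how a POSIX shell would word-split the string form of the same
# command. Shellwords.split only tokenizes; nothing is executed. A real
# shell would additionally treat the bare '&' as an operator.
def shell_tokens_for(tool, url, dest)
  Shellwords.split("#{tool} clone #{url} #{dest}")
end

# Spawn without a shell: Open3 given an argv array execs the program
# directly. Returns [stdout, success?].
def run_without_shell(argv)
  out, status = Open3.capture2(*argv)
  [out, status.success?]
end

# Constructed sample inputs (hypothetical podspec values, not a real repo).
SAMPLE_URL  = 'https://example.invalid/Pod.git'
SAMPLE_DEST = 'Pods/Foo & Bar/Sources'   # contains a space and a shell metacharacter

# Stand-in for the real download tool: Ruby prints how many arguments the
# child actually received. With the argv form, dest arrives as one argument.
def count_args_as_child(url, dest)
  argv = [RbConfig.ruby, '-e', 'puts ARGV.length', url, dest]
  out, ok = run_without_shell(argv)
  ok ? out.strip.to_i : nil
end

if __FILE__ == $0
  p argv_for_download('git', SAMPLE_URL, SAMPLE_DEST)   # 4 elements, dest intact
  p shell_tokens_for('git', SAMPLE_URL, SAMPLE_DEST)    # 6 tokens, dest torn apart
  p count_args_as_child(SAMPLE_URL, SAMPLE_DEST)        # 2
end
```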