This article goes into depth on how Homebrew opens OSX to a number of security issues. One is a malicious program acquiring the administrator's password. Most of it stems from Homebrew's modification of /usr/local/bin for r/w by a non-root user. By doing this, an installed brew app can modify other binaries in this path, for instance sudo. Homebrew defaults its path to prefix /usr/local/bin:/usr/bin and therefore the malicious app can take advantage of this.
The article is as follows:
More vulnerabilities here:
The author claims that MacPorts is more secure because the installer explicitly uses root privilege during package installation.
Are there any security experts out there that can comment on the security impact of using Homebrew (and MacPorts while we are discussing this)? Should I just use all my Unix applications in an emulated VirtualBox session with Linux to truly be secure?
Thanks for any insight you may have.
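
A defensive check for the exposure the question describes, added here as an example (it is not from the linked article or from Homebrew): it lists PATH directories that a non-root account can write to, and any executable in them that takes precedence over a same-named one later in PATH. The function names `audit_path` and `nonroot_writable` and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a PATH string for non-root-writable directories
# that come before other directories holding the same command name.
# Usage: audit_path "$PATH"

# True if directory $1 is owned by a non-root user with the owner write
# bit set, or is group- or world-writable.
nonroot_writable() {
  [ -n "$(find -H "$1" -maxdepth 0 -type d \
      \( \( ! -user root -perm -0200 \) -o -perm -0020 -o -perm -0002 \) \
      -print 2>/dev/null)" ]
}

# Prints one finding per line:
#   WRITABLE <dir>
#   SHADOW <writable-dir>/<cmd> <later-dir>/<cmd>
audit_path() (
  rest=$1:                      # trailing colon simplifies the splitting
  while [ -n "$rest" ]; do
    dir=${rest%%:*}; rest=${rest#*:}
    dir=${dir:-.}               # an empty PATH entry means the current directory
    nonroot_writable "$dir" || continue
    echo "WRITABLE $dir"
    for f in "$dir"/*; do
      [ -f "$f" ] && [ -x "$f" ] || continue
      name=${f##*/}
      later_rest=$rest          # only directories searched after $dir
      while [ -n "$later_rest" ]; do
        later=${later_rest%%:*}; later_rest=${later_rest#*:}
        later=${later:-.}
        if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
          echo "SHADOW $f $later/$name"
          break
        fi
      done
    done
  done
)
```

A `SHADOW` line whose second path is under `/usr/bin` or `/bin` (for example `sudo`) is the case described above: the copy in the writable directory is the one the shell runs.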