homebrew - 检测到 Big Sur 潜在提权漏洞的乘客
问题描述
在 Big Sur上Passenger
使用的新安装。由于内部安装homebrew
的新位置(我来自一个El Capitan
盒子),不高兴,因为我可以从设置的权限中看到它。错误:homebrew
/opt/homebrew
Passenger
2021/03/19 09:22:16 [warn] 85#0: 1024 worker_connections exceed open file resource limit: 256
[ N 2021-03-19 09:22:16.2962 31353/T1 age/Wat/WatchdogMain.cpp:1373 ]: Starting Passenger watchdog...
[ N 2021-03-19 09:22:16.3519 31355/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
[ N 2021-03-19 09:22:16.3521 31355/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
[ W 2021-03-19 09:22:16.3944 31355/T1 age/Cor/CoreMain.cpp:1007 ]: WARNING: potential privilege escalation vulnerability detected. Phusion Passenger is running as root, and part(s) of the Passenger root path (/opt/homebrew/opt/passenger/libexec/src/ruby_supportlib/phusion_passenger/locations.ini) can be changed by non-root user(s):
- /opt/homebrew/opt/passenger/libexec/src/ruby_supportlib/phusion_passenger/locations.ini is not secure: it can be modified by user rich
- /opt/homebrew/opt/passenger/libexec/src/ruby_supportlib/phusion_passenger is not secure: it can be modified by user rich
- /opt/homebrew/opt/passenger/libexec/src/ruby_supportlib is not secure: it can be modified by user rich
- /opt/homebrew/opt/passenger/libexec/src is not secure: it can be modified by user rich
- /opt/homebrew/opt/passenger/libexec is not secure: it can be modified by user rich
- /opt/homebrew/opt/passenger is not secure: it can be modified by user rich
- /opt/homebrew/opt is not secure: it can be modified by user rich
- /opt/homebrew is not secure: it can be modified by user rich
这是一种变暖,但我不确定它是跛行还是功能齐全。
我应该担心吗?我应该改变什么吗?这会消失吗?似乎它是这样设计的,但我看到了警告。
任何见解表示赞赏。谢谢你。
解决方案
推荐阅读
- mysql - mysql为空日期时间列返回0000-00-00 00:00:00
- azure-ad-b2c - 登录后如何使用 msal.js adb2c 访问 jwt
- terraform - Azure:未找到 Web 应用程序防火墙策略
- rust - 为什么这不是一个悬空指针?
- jboss - 来自 JBoss - RedHat codeready 的基于 Eclipse 的图形 Camel 编辑器是否仅适用于 xml 中的骆驼?
- windows-10 - 在 64 位机器上使用 Python 3.9 并生成 exe 将在 32 位机器上运行
- reactjs - 功能 useTranslation 不起作用 next-i18next
- javascript - 滚动到 React 中的单个映射标题名称
- r - 在 bslib 包和 shinydashboard 上
- python-3.x - 在 VS Code Linux 中安装 TA-lib 失败