4

Some people prefer the latest Bash version for macOS (because /bin/bash is still a version in the 3.x range).

This can be changed with this:

brew install bash
chsh -s /opt/homebrew/bin/bash

However, what are the implications and possible complications of using a path that is user writable and potentially vulnerable to corruption, such as

  • accidental deletion of the referenced login shell,
  • destruction of the /opt/homebrew/bin/bash symlink, which normally points to a specific version of bash,
  • malicious software that may exchange the symlink and replace it with a Bitcoin miner

etc.

0

2 Answers

5

Sure, using a user-installed binary as a login shell has its risk, but so does running an outdated version even if it is supplied by Apple.

You can minimize the risk by

  • using a dedicated user with admin rights to maintain the homebrew installation (to avoid accidental or malicious insertion of backdoored commands in the homebrew bin directory during daily use),
  • creating a backup admin user with a macOS-supplied login shell (to protect against the risk of accidental deletion of the Homebrew version or the symlink),
  • using brew pin bash to prevent unexpected updates (to protect against the very low bitcoiner risk), and update manually if required.

PS: Not risk-related, but you should add /opt/homebrew/bin/bash to /etc/shells to make chsh work without sudo.
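The failure modes listed in the question (deleted shell, broken symlink, swapped symlink) and the /etc/shells point above can be checked mechanically. The script below is an added example, not part of the original answer or of Homebrew; the function names and the trusted-uid parameter are this example's own, and it inspects only each symlink hop and the directory that contains it.

```sh
#!/bin/sh
# Added example (not from the thread). Prints one "FINDING ..." line per weakness.
# The trusted uid is an assumption of this sketch: the only uid that should own
# the path (0 for /bin/bash, the dedicated Homebrew maintenance user otherwise).

# check_entry PATH TRUSTED_UID: report unexpected owner or group/world write bits.
check_entry() (
    [ -e "$1" ] || [ -L "$1" ] || exit 0
    # "ls -ldn" works on macOS and Linux: field 1 is the mode, field 3 the owner uid.
    meta=$(ls -ldn "$1" | awk '{print $1 ":" $3}')
    mode=${meta%%:*} owner=${meta##*:}
    [ "$owner" = "$2" ] || echo "FINDING owner-uid-$owner $1"
    case $mode in
        l*) ;;  # mode bits of a symlink are not enforced; its directory decides
        *)  case $mode in ?????w*) echo "FINDING group-writable $1" ;; esac
            case $mode in ????????w*) echo "FINDING world-writable $1" ;; esac ;;
    esac
)

# walk_chain SHELL_PATH TRUSTED_UID: check every symlink hop and its directory.
walk_chain() (
    p=$1 hops=0
    while :; do
        # Whoever can write to the containing directory can swap the entry.
        check_entry "$(dirname "$p")" "$2"
        [ -e "$p" ] || [ -L "$p" ] || { echo "FINDING missing $p"; break; }
        check_entry "$p" "$2"
        [ -L "$p" ] || { [ -x "$p" ] || echo "FINDING not-executable $p"; break; }
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || { echo "FINDING symlink-loop $p"; break; }
        t=$(readlink "$p")   # follow one hop, e.g. bin/bash -> ../Cellar/...
        case $t in /*) p=$t ;; *) p=$(dirname "$p")/$t ;; esac
    done
)

# audit_login_shell SHELL_PATH [TRUSTED_UID] [SHELLS_FILE]; exit status 1 on findings.
audit_login_shell() (
    findings=$(
        grep -qxF "$1" "${3:-/etc/shells}" 2>/dev/null || echo "FINDING not-in-shells-file $1"
        walk_chain "$1" "${2:-0}"
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Run only when called with arguments, e.g.: sh audit.sh /opt/homebrew/bin/bash
[ $# -eq 0 ] || audit_login_shell "$@"
```

With the default trusted uid of 0, a stock Homebrew prefix owned by the installing user is reported as an owner finding; pass the uid of the maintenance account as the second argument to audit against that account instead.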

-1

The implications are just what you think they are, and that’s why nobody who cares about security should use Homebrew for anything serious, or at all.

Installing Homebrew as recommended means that from then on, any process or application you launch can write anything it wants into the first directory that gets searched for command line binaries, change its mode to execute and give it the same name as a system binary. It will then run instead of the system binary whenever you type the program with the same name in the command line (unless you type the full path to it). The potential for exploitation is vast. Few people if any ever type the full path to workaday binaries like ls, find, cat, sudo and many others. And as shown in my example, any of these could be hijacked to perform different operations thanks to the way Homebrew is installed. This can be done and cleaned up in such a way that you’d never know it had happened.

how Homebrew invites users to get pwned (applehelpwriter.com)

Homebrew makes several questionable design decisions, but one of these deserves its own section: the choice to explicitly eschew root (in fact, it will refuse to work at all if run this way). This fundamentally is a very bad idea: package managers that install software for all users of your computer, as Homebrew does by default, should always require elevated privileges to function correctly. This decision has important consequences for both security and usability, especially with the advent of System Integrity Protection in OS X El Capitan.

Thoughts on macOS Package Managers (saagarjha.com)

2
  • 1
    While there is some good advice in that article, a lot of the issues are exaggerated and can, at least on Apple Silicon machines, be easily resolved. And even for Intel systems, the solution is directly in the comments there. Commented Mar 24, 2025 at 18:26
  • I think this one states the problem better: saagarjha.com/blog/2019/04/26/… Commented Mar 24, 2025 at 20:25
