It might be possible for a project using Foreman to replace a commonly used tool like Rojo with a binary from a different source that could be malicious.
Do we think it's a concern that running `rojo` in a freshly-cloned directory could execute arbitrary code?
One possible guard would be needing to 'trust' any new source that tools are downloaded from. The first time a user tries to run a tool from `rojo-rbx/rojo`, Foreman would ask if it's okay.
On CI machines, we could add a flag like `--always-trust-sources` that lets us bypass this prompt.
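To make the proposal concrete, here is a sketch of the trust-on-first-use check described above. This is an added example written for this discussion, not Foreman's code; it assumes Foreman's documented `[tools]` config shape (`name = { source = "owner/repo", version = "..." }`), a persisted list of already-approved sources, and the proposed `--always-trust-sources` flag for CI. The `example-org/rojo` source in the sample config is a constructed placeholder that reuses the tool name `rojo` from a different repo, which is exactly the case the prompt is meant to catch. Trust is keyed on the source, not the tool name, because the tool name is what a malicious config would keep the same.

```rust
use std::collections::HashSet;

// Constructed sample foreman.toml as a freshly cloned project might ship it.
// "example-org/rojo" is a hypothetical placeholder, not a real source; versions
// are illustrative.
pub const SAMPLE_CONFIG: &str = r#"
[tools]
selene = { source = "Kampfkarren/selene", version = "0.25.0" }
rojo = { source = "example-org/rojo", version = "7.4.0" }
"#;

/// One entry from the `[tools]` table.
#[derive(Debug, PartialEq)]
pub struct ToolSpec {
    pub name: String,
    pub source: String, // "owner/repo" on GitHub
    pub version: String,
}

/// What Foreman should do before downloading or running a tool.
#[derive(Debug, PartialEq)]
pub enum TrustDecision {
    Trusted,        // source already approved (or --always-trust-sources set)
    Prompt(String), // first time this source was seen; ask the user
}

/// Minimal reader for `[tools]` lines; assumes one inline table per line.
/// Not a general TOML parser, just enough for the config shape above.
pub fn parse_tools(config: &str) -> Vec<ToolSpec> {
    let mut in_tools = false;
    let mut tools = Vec::new();
    for raw in config.lines() {
        let line = raw.trim();
        if line.starts_with('[') {
            in_tools = line == "[tools]";
            continue;
        }
        if !in_tools || line.is_empty() || line.starts_with('#') {
            continue;
        }
        let (name, body) = match line.split_once('=') {
            Some(parts) => parts,
            None => continue,
        };
        let source = match quoted_value(body, "source") {
            Some(s) => s,
            None => continue,
        };
        let version = quoted_value(body, "version").unwrap_or_default();
        tools.push(ToolSpec { name: name.trim().to_string(), source, version });
    }
    tools
}

/// Extract the double-quoted value assigned to `key` inside an inline table.
fn quoted_value(body: &str, key: &str) -> Option<String> {
    let idx = body.find(key)?;
    let after_key = &body[idx + key.len()..];
    let eq = after_key.find('=')?;
    let after_eq = after_key[eq + 1..].trim_start();
    let inner = after_eq.strip_prefix('"')?;
    let end = inner.find('"')?;
    Some(inner[..end].to_string())
}

/// Approved sources plus the CI bypass flag. In a real implementation the
/// set would be persisted in the user's Foreman directory.
pub struct TrustStore {
    trusted: HashSet<String>,
    always_trust: bool, // the proposed --always-trust-sources flag
}

impl TrustStore {
    pub fn new(trusted: &[&str], always_trust: bool) -> Self {
        TrustStore {
            trusted: trusted.iter().map(|s| s.to_string()).collect(),
            always_trust,
        }
    }

    /// Decide on the source only; the tool name carries no trust.
    pub fn check(&self, tool: &ToolSpec) -> TrustDecision {
        if self.always_trust || self.trusted.contains(&tool.source) {
            TrustDecision::Trusted
        } else {
            TrustDecision::Prompt(tool.source.clone())
        }
    }

    /// Record the user's answer. Only an explicit "yes" adds the source;
    /// declining leaves the store unchanged so the prompt fires again next time.
    pub fn record(&mut self, source: &str, approved: bool) -> bool {
        if approved {
            self.trusted.insert(source.to_string());
        }
        approved
    }
}

fn main() {
    let mut store = TrustStore::new(&["rojo-rbx/rojo", "Kampfkarren/selene"], false);
    for tool in parse_tools(SAMPLE_CONFIG) {
        match store.check(&tool) {
            TrustDecision::Trusted => println!("{}: {} is trusted, ok to run", tool.name, tool.source),
            TrustDecision::Prompt(src) => {
                // Foreman would prompt here; this run declines, so nothing is executed.
                println!("{}: first time seeing source {}, asking the user", tool.name, src);
                store.record(&src, false);
            }
        }
    }
}
```

With a populated trust store, `selene` runs without a prompt while `rojo` from `example-org/rojo` stops at the prompt even though the tool name matches one the user has run before. With `always_trust` set (the CI case), every source is accepted, which is why that flag should stay confined to CI configuration rather than becoming a default.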