dbgrandi / cocoapods-play

Plugin for playing with Swift based pods
MIT License

Safety of Playground files #1

Closed jackwu95 closed 10 years ago

jackwu95 commented 10 years ago

As noted in the Xcode 6 beta release notes yesterday:

Playgrounds are not currently sandboxed. They run with the full permissions of the logged in user. Care should be taken before opening playgrounds obtained from others. Before opening the playground you can inspect the code in a playground by looking in ".swift" files inside the playground wrapper. Control click the playground in Finder and choose Show Package Contents to see the contents of that playground. (16773467)!

I think a warning in the readme or ideally something warning people to check the source code before running is important. People have noted that you can run rm -rf in Playgrounds and it would directly execute.

dbgrandi commented 10 years ago

@jackwu95, excellent point. I put it in the README but not in the plugin.

While this warning could apply to almost any code you download and run, the fact that playgrounds are automatically run unless you open them in a special way is a good reason to explicitly state this at least once.
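
The inspection step from the release note quoted above can also be done from a terminal, without opening the playground in Xcode. The script below is an added example, not part of this thread or of cocoapods-play; the function names, the constructed sample playground and the pattern list are assumptions, and the patterns are a non-exhaustive heuristic for deciding which lines to read first.

```shell
#!/bin/sh
# Added example: review a .playground package before opening it in Xcode.
# RISKY is an assumed, non-exhaustive list of process-spawning and
# file-removal calls; a clean result does not replace reading the files.
RISKY='NSTask|Process\(|system\(|popen\(|posix_spawn|removeItem|/bin/(ba)?sh'

# List every .swift file inside the playground wrapper (it is a directory).
playground_sources() {
    find "$1" -type f -name '*.swift' -print
}

# Print file:line:text for each source line that matches RISKY.
# grep exits non-zero when nothing matches, so the status is ignored here.
playground_flags() {
    find "$1" -type f -name '*.swift' -exec grep -HnE "$RISKY" {} + || true
}

# Number of flagged lines, for use in scripts.
playground_flag_count() {
    playground_flags "$1" | wc -l | tr -d ' '
}

# Build a constructed sample playground in a temp directory and print its path.
# The file names and contents are made up for this example.
make_sample_playground() {
    dir=$(mktemp -d)/Demo.playground
    mkdir -p "$dir/Sources"
    printf 'import Foundation\nlet task = NSTask()\ntask.launchPath = "/bin/echo"\n' \
        > "$dir/section-1.swift"
    printf 'let sum = 1 + 2\n' > "$dir/Sources/Math.swift"
    printf '%s\n' "$dir"
}

# Usage: sh review-playground.sh path/to/Some.playground
if [ "$#" -gt 0 ]; then
    echo "Swift sources in $1:"
    playground_sources "$1"
    echo "Lines to read first:"
    playground_flags "$1"
fi
```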