public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

fix command injection from the environment when run as root

pull/5245/head
Derek Marcotte 2016-04-25 15:08:09 -04:00
parent 5292f2b402
commit 3a03b51ae3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Composer/Console/Application.php
View File

@ -146,7 +146,7 @@ class Application extends BaseApplication
if ($commandName !== 'self-update' && $commandName !== 'selfupdate') { if ($commandName !== 'self-update' && $commandName !== 'selfupdate') {
$io->writeError('<warning>Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>'); $io->writeError('<warning>Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
} }
if ($uid = getenv('SUDO_UID')) { if ($uid = (int) getenv('SUDO_UID')) {
// Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
// ref. https://github.com/composer/composer/issues/5119 // ref. https://github.com/composer/composer/issues/5119
Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1"); Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");