From a0070e724bf8bd1519e7ad36e19f813773dfc6b6 Mon Sep 17 00:00:00 2001
From: Niels Keurentjes <niels.keurentjes@omines.com>
Date: Mon, 28 Mar 2016 13:10:43 +0200
Subject: [PATCH] Clobber any existing sudo leases before execution to prevent
malicious code gaining root privileges.
---
src/Composer/Console/Application.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php
index ec5f4cef3..3c8da7801 100644
--- a/src/Composer/Console/Application.php
+++ b/src/Composer/Console/Application.php
@@ -133,13 +133,17 @@ class Application extends BaseApplication
$input->setInteractive(false);
}
- if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) {
- $io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
- if ($uid = getenv('SUDO_UID')) {
- // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
- // ref. https://github.com/composer/composer/issues/5119
- exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+ if (!Platform::isWindows()) {
+ if (function_exists('posix_getuid') && posix_getuid() === 0) {
+ $io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
+ if ($uid = getenv('SUDO_UID')) {
+ // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
+ // ref. https://github.com/composer/composer/issues/5119
+ exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+ }
}
+ // Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
+ exec("sudo -K > /dev/null 2>&1");
}
// switch working dir