Clobber any existing sudo leases before execution to prevent malicious code gaining root privileges.
parent
557a55fbe5
commit
a0070e724b
|
@ -133,7 +133,8 @@ class Application extends BaseApplication
|
||||||
$input->setInteractive(false);
|
$input->setInteractive(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) {
|
if (!Platform::isWindows()) {
|
||||||
|
if (function_exists('posix_getuid') && posix_getuid() === 0) {
|
||||||
$io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
|
$io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
|
||||||
if ($uid = getenv('SUDO_UID')) {
|
if ($uid = getenv('SUDO_UID')) {
|
||||||
// Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
|
// Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
|
||||||
|
@ -141,6 +142,9 @@ class Application extends BaseApplication
|
||||||
exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
|
exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
|
||||||
|
exec("sudo -K > /dev/null 2>&1");
|
||||||
|
}
|
||||||
|
|
||||||
// switch working dir
|
// switch working dir
|
||||||
if ($newWorkDir = $this->getNewWorkingDir($input)) {
|
if ($newWorkDir = $this->getNewWorkingDir($input)) {
|
||||||
|
|
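Review bot: The added `exec("sudo -K > /dev/null 2>&1");` sits outside the root check, so it now runs on every non-Windows invocation, including hosts where `exec` is listed in `disable_functions`; changing the outer condition to `if (!Platform::isWindows() && function_exists('exec')) {` would keep those installs working. In the root branch, `SUDO_UID` is read from the environment and interpolated into the shell string unvalidated; `if ($uid = (int) getenv('SUDO_UID')) {` restricts it to a number before it reaches `exec`. The new comment could also state that `sudo -K` only drops cached credentials, so a `NOPASSWD` sudoers rule is unaffected and the mitigation should not be over-trusted. The enclosing method starts and ends outside the hunks shown.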