
Clobber any existing sudo leases before execution to prevent malicious code from gaining root privileges.

pull/5122/head
Niels Keurentjes 2016-03-28 13:10:43 +02:00
parent 557a55fbe5
commit a0070e724b
1 changed files with 10 additions and 6 deletions


@ -133,13 +133,17 @@ class Application extends BaseApplication
$input->setInteractive(false); $input->setInteractive(false);
} }
if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) { if (!Platform::isWindows()) {
$io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>'); if (function_exists('posix_getuid') && posix_getuid() === 0) {
if ($uid = getenv('SUDO_UID')) { $io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
// Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on if ($uid = getenv('SUDO_UID')) {
// ref. https://github.com/composer/composer/issues/5119 // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1"); // ref. https://github.com/composer/composer/issues/5119
exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
}
} }
// Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
exec("sudo -K > /dev/null 2>&1");
} }
// switch working dir // switch working dir