Fix handling of plugin activation when running as root

When running without `COMPOSER_ALLOW_SUPERUSER` set so it always happens after prompting, or does not happen if input is non-interactive. Also fixed support for bash completions hanging when running as root Fixes #11024
2022-09-14 15:41:09 +02:00 · 2022-09-14 15:41:09 +02:00 · a75fbf0e6a
parent d6411ffae8
commit a75fbf0e6a
2 changed files with 49 additions and 20 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,7 @@
 ### [2.4.2] 2022-09-14

+  * Fixed bash completion hanging when running as root without `COMPOSER_ALLOW_SUPERUSER` set (#11024)
+  * Fixed handling of plugin activation when running as root without `COMPOSER_ALLOW_SUPERUSER` set so it always happens after prompting, or does not happen if input is non-interactive
  * Fixed package filter on `bump` command (#11053)
  * Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037)
  * Fixed handling of `COMPOSER_DISCARD_CHANGES` when set to `0`
--- a/src/Composer/Console/Application.php
+++ b/src/Composer/Console/Application.php
@ -205,6 +205,28 @@ class Application extends BaseApplication
            }
        }

+        $needsSudoCheck = !Platform::isWindows()
+            && function_exists('exec')
+            && !Platform::getEnv('COMPOSER_ALLOW_SUPERUSER')
+            && (ini_get('open_basedir') || !file_exists('/.dockerenv'));
+        $isNonAllowedRoot = false;
+
+        // Clobber sudo credentials if COMPOSER_ALLOW_SUPERUSER is not set before loading plugins
+        if ($needsSudoCheck) {
+            $isNonAllowedRoot = function_exists('posix_getuid') && posix_getuid() === 0;
+
+            if ($isNonAllowedRoot) {
+                if ($uid = (int) Platform::getEnv('SUDO_UID')) {
+                    // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
+                    // ref. https://github.com/composer/composer/issues/5119
+                    Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+                }
+            }
+
+            // Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
+            Silencer::call('exec', 'sudo -K > /dev/null 2>&1');
+        }
+
        // avoid loading plugins/initializing the Composer instance earlier than necessary if no plugin command is needed
        // if showing the version, we never need plugin commands
        $mayNeedPluginCommand = false === $input->hasParameterOption(['--version', '-V'])
@ -216,6 +238,21 @@ class Application extends BaseApplication
            );

        if ($mayNeedPluginCommand && !$this->disablePluginsByDefault && !$this->hasPluginCommands) {
+            // at this point plugins are needed, so if we are running as root and it is not allowed we need to prompt
+            // if interactive, and abort otherwise
+            if ($isNonAllowedRoot) {
+                $io->writeError('<warning>Do not run Composer as root/super user! See https://getcomposer.org/root for details</warning>');
+
+                if ($io->isInteractive() && $io->askConfirmation('<info>Continue as root/super user</info> [<comment>yes</comment>]? ')) {
+                    // avoid a second prompt later
+                    $isNonAllowedRoot = false;
+                } else {
+                    $io->writeError('<warning>Aborting as no plugin should be loaded if running as super user is not explicitly allowed</warning>');
+
+                    return 1;
+                }
+            }
+
            try {
                foreach ($this->getPluginCommands() as $command) {
                    if ($this->has($command->getName())) {
@ -245,6 +282,10 @@ class Application extends BaseApplication
            $this->hasPluginCommands = true;
        }

+        if ($isNonAllowedRoot && !$io->isInteractive()) {
+            $this->disablePluginsByDefault = true;
+        }
+
        // determine command name to be executed incl plugin commands, and check if it's a proxy command
        $isProxyCommand = false;
        if ($name = $this->getCommandName($input)) {
@ -277,14 +318,8 @@ class Application extends BaseApplication
                $io->writeError(sprintf('<warning>Warning: This development build of Composer is over 60 days old. It is recommended to update it by running "%s self-update" to get the latest version.</warning>', $_SERVER['PHP_SELF']));
            }

-            if (
-                !Platform::isWindows()
-                && function_exists('exec')
-                && !Platform::getEnv('COMPOSER_ALLOW_SUPERUSER')
-                && (ini_get('open_basedir') || !file_exists('/.dockerenv'))
-            ) {
-                if (function_exists('posix_getuid') && posix_getuid() === 0) {
-                    if ($commandName !== 'self-update' && $commandName !== 'selfupdate') {
+            if ($isNonAllowedRoot) {
+                if ($commandName !== 'self-update' && $commandName !== 'selfupdate' && $commandName !== '_complete') {
                    $io->writeError('<warning>Do not run Composer as root/super user! See https://getcomposer.org/root for details</warning>');

                    if ($io->isInteractive()) {
@ -293,14 +328,6 @@ class Application extends BaseApplication
                        }
                    }
                }
-                    if ($uid = (int) Platform::getEnv('SUDO_UID')) {
-                        // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
-                        // ref. https://github.com/composer/composer/issues/5119
-                        Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
-                    }
-                }
-                // Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
-                Silencer::call('exec', 'sudo -K > /dev/null 2>&1');
            }

            // Check system temp folder for usability as it can cause weird runtime issues otherwise