From dfd22c641d74296441f56176abc8f5ad25290d56 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Fri, 1 Apr 2016 01:24:31 +0100 Subject: [PATCH] Bulletproof sudo clobbering, refs #5122 --- src/Composer/Console/Application.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php index 3c8da7801..c7edeef4a 100644 --- a/src/Composer/Console/Application.php +++ b/src/Composer/Console/Application.php @@ -133,17 +133,17 @@ class Application extends BaseApplication $input->setInteractive(false); } - if (!Platform::isWindows()) { + if (!Platform::isWindows() && function_exists('exec')) { if (function_exists('posix_getuid') && posix_getuid() === 0) { $io->writeError('Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted'); if ($uid = getenv('SUDO_UID')) { // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on // ref. https://github.com/composer/composer/issues/5119 - exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1"); + Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1"); } } // Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations - exec("sudo -K > /dev/null 2>&1"); + Silencer::call('exec', 'sudo -K > /dev/null 2>&1'); } // switch working dir