
Clobber sudo credentials to prevent careless privilege escalations.

Niels Keurentjes 9 years ago
parent
commit
557a55fbe5
1 changed files with 9 additions and 0 deletions
  1. 9 0
      src/Composer/Console/Application.php

+ 9 - 0
src/Composer/Console/Application.php

@@ -133,6 +133,15 @@ class Application extends BaseApplication
                 $input->setInteractive(false);
             }
 
+            if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) {
+                $io->writeError('<warning>Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted</warning>');
+                if ($uid = getenv('SUDO_UID')) {
+                    // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
+                    // ref. https://github.com/composer/composer/issues/5119
+                    exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+                }
+            }
+
             // switch working dir
             if ($newWorkDir = $this->getNewWorkingDir($input)) {
                 $oldWorkingDir = getcwd();
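Review bot: The value from `getenv('SUDO_UID')` is interpolated straight into the `exec()` shell string while the process runs as uid 0, with no check that it is numeric. sudo normally sets this variable itself, but when composer is started as root some other way the value comes from whatever environment was inherited, so it should be constrained to an integer before it reaches the shell: `if ($uid = (int) getenv('SUDO_UID')) {`. Separately, `exec` may be listed in `disable_functions`, in which case this call fails on every root invocation; adding `function_exists('exec')` to the condition would skip it cleanly. The enclosing method begins and ends outside this hunk, so how `$io` is set up before the warning is not visible here.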