From 557a55fbe5f5a8e47293c8365189dbbc2b7450db Mon Sep 17 00:00:00 2001
From: Niels Keurentjes
Date: Sun, 27 Mar 2016 23:42:39 +0200
Subject: [PATCH 1/2] Clobber sudo credentials to prevent careless privilege escalations.

---
 src/Composer/Console/Application.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php
index dc06615a1..ec5f4cef3 100644
--- a/src/Composer/Console/Application.php
+++ b/src/Composer/Console/Application.php
@@ -133,6 +133,15 @@ class Application extends BaseApplication
 $input->setInteractive(false);
 }
 
+ if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) {
+ $io->writeError('Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted');
+ if ($uid = getenv('SUDO_UID')) {
+ // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
+ // ref. https://github.com/composer/composer/issues/5119
+ exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+ }
+ }
+
 // switch working dir
 if ($newWorkDir = $this->getNewWorkingDir($input)) {
 $oldWorkingDir = getcwd();

From a0070e724bf8bd1519e7ad36e19f813773dfc6b6 Mon Sep 17 00:00:00 2001
From: Niels Keurentjes
Date: Mon, 28 Mar 2016 13:10:43 +0200
Subject: [PATCH 2/2] Clobber any existing sudo leases before execution to prevent malicious code gaining root privileges.

---
 src/Composer/Console/Application.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php
index ec5f4cef3..3c8da7801 100644
--- a/src/Composer/Console/Application.php
+++ b/src/Composer/Console/Application.php
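Review bot: In the hunk of patch 1/2, `SUDO_UID` is read from the environment and interpolated into the shell string passed to `exec()` without validation, in a branch that only runs when `posix_getuid() === 0`. sudo normally sets that variable to a number, but nothing in the visible code guarantees sudo is the only source of a root process's environment, so the value should be constrained before it reaches a shell: `if ($uid = (int) getenv('SUDO_UID')) {` keeps the truthiness test and leaves only an integer in the command. Patch 2/2 moves these lines one level deeper without changing them, so the same point applies to its hunk. The enclosing method starts and ends outside the hunk.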
@@ -133,13 +133,17 @@ class Application extends BaseApplication
 $input->setInteractive(false);
 }
 
- if (!Platform::isWindows() && function_exists('posix_getuid') && posix_getuid() === 0) {
- $io->writeError('Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted');
- if ($uid = getenv('SUDO_UID')) {
- // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
- // ref. https://github.com/composer/composer/issues/5119
- exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+ if (!Platform::isWindows()) {
+ if (function_exists('posix_getuid') && posix_getuid() === 0) {
+ $io->writeError('Running composer as root is highly discouraged as packages, plugins and scripts cannot always be trusted');
+ if ($uid = getenv('SUDO_UID')) {
+ // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
+ // ref. https://github.com/composer/composer/issues/5119
+ exec("sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
+ }
 }
+ // Silently clobber any remaining sudo leases on the current user as well to avoid privilege escalations
+ exec("sudo -K > /dev/null 2>&1");
 }
 
 // switch working dir
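Review bot: The new `exec("sudo -K > /dev/null 2>&1");` at the end of the `if (!Platform::isWindows())` block runs on every invocation for every user, yet it has no availability guard, while `posix_getuid` a few lines up is wrapped in `function_exists`. On hosts that list `exec` in `disable_functions` this call would raise a warning (or an Error on PHP 8) on each run; `if (function_exists('exec')) { exec("sudo -K > /dev/null 2>&1"); }` avoids that. The exit status is also discarded, so the comment above the call could state that the clobbering is best-effort, e.g. `// Best effort: drops cached sudo timestamps only; a failure here is ignored`. The enclosing method starts and ends outside the hunk.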