From 5f3304028b6985fd380fc77c4840ff12a4898301 Mon Sep 17 00:00:00 2001 From: isaacs Date: Wed, 4 Dec 2019 20:05:53 +0000 Subject: [PATCH] fix: Do not drop perms in git when not root Fix: https://github.com/npm/cli/issues/476 PR-URL: https://github.com/npm/pacote/pull/23 Credit: @isaacs Close: #23 Reviewed-by: @darcyclarke --- lib/util/git.js | 7 +++++-- test/git.mkopts.uid.js | 22 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 test/git.mkopts.uid.js diff --git a/lib/util/git.js b/lib/util/git.js index 7991833a..d2282bae 100644 --- a/lib/util/git.js +++ b/lib/util/git.js @@ -234,14 +234,17 @@ function spawnGit (gitArgs, gitOpts, opts) { }) } +module.exports._mkOpts = mkOpts function mkOpts (_gitOpts, opts) { const gitOpts = { env: gitEnv() } - if (+opts.uid && !isNaN(opts.uid)) { + const isRoot = process.getuid && process.getuid() === 0 + // don't change child process uid/gid if not root + if (+opts.uid && !isNaN(opts.uid) && isRoot) { gitOpts.uid = +opts.uid } - if (+opts.gid && !isNaN(opts.gid)) { + if (+opts.gid && !isNaN(opts.gid) && isRoot) { gitOpts.gid = +opts.gid } Object.assign(gitOpts, _gitOpts) diff --git a/test/git.mkopts.uid.js b/test/git.mkopts.uid.js new file mode 100644 index 00000000..b0b6eefa --- /dev/null +++ b/test/git.mkopts.uid.js @@ -0,0 +1,22 @@ +'use strict' +const t = require('tap') +const { _mkOpts: mkOpts } = require('../lib/util/git.js') +const getuid = process.getuid + +t.test('mkOpts sets perms when root', t => { + t.teardown(() => { + process.getuid = getuid + }) + process.getuid = () => 0 + t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: 1234, gid: 1234 }) + t.end() +}) + +t.test('mkOpts does not set perms when not root', t => { + t.teardown(() => { + process.getuid = getuid + }) + process.getuid = () => 4321 + t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: undefined, gid: undefined }) + t.end() +})