Skip to content

security: Missing sudo privilege check in github-auth.sh #3069

New issue
New issue
Closed
#3072
Closed
security: Missing sudo privilege check in github-auth.sh#3069
#3072
Labels
securitySecurity vulnerabilities and concernsunder-reviewIssue is being reviewed by the team
@louisgv

Description

@louisgv
louisgv
opened on Mar 27, 2026

Issue

sh/shared/github-auth.sh assumes sudo is available when user is non-root, causing silent failures in environments without sudo.

Location

sh/shared/github-auth.sh:41-52

Current Code

local SUDO=""
if [[ "$(id -u)" -ne 0 ]]; then SUDO="sudo"; fi

Problem

Script assumes sudo is available but doesn't check if it exists. In rootless containers or restricted environments without sudo, the installation fails ungracefully with cryptic errors.

Recommendation

Add sudo availability check before use:

local SUDO=""
if [[ "$(id -u)" -ne 0 ]]; then
  if command -v sudo >/dev/null 2>&1; then
    SUDO="sudo"
  else
    echo "Error: This script requires sudo or root privileges" >&2
    return 1
  fi
fi

Severity

MEDIUM - Causes installation failures in some environments, but only affects non-root users without sudo.

Discovery

Found during automated security scan of shell scripts on 2026-03-27.

-- security/shell-scanner

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity vulnerabilities and concernsunder-reviewIssue is being reviewed by the team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions