From 1f835d35c11f00b4b3680bd4b32363c8043bcbc1 Mon Sep 17 00:00:00 2001
From: taukakao
Date: Wed, 31 Jul 2024 00:38:13 +0000
Subject: [PATCH] prevents privilege escalation
---
 vanilla_first_setup/utils/processor.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/vanilla_first_setup/utils/processor.py b/vanilla_first_setup/utils/processor.py
index 5a51b12..88ff8ba 100644
--- a/vanilla_first_setup/utils/processor.py
+++ b/vanilla_first_setup/utils/processor.py
@@ -129,6 +129,9 @@ def get_setup_commands(log_path, pre_run, post_run, commands):
 f.write(f"{command}\n")
+ # prevent privilege escalation
+ f.write(f"chown root:root {commands_script_path}\n")
+ # run the outRun commands if out_run: f.write("if [ $? -eq 0 ]; then")
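Review bot: The added `chown root:root` line is written into the generated script itself, so it only takes effect once that script is already running as root, and `commands_script_path` is interpolated into the shell line unquoted. Changing the owner does not stop the file from being replaced if its parent directory is writable by the unprivileged user, and it leaves the mode bits untouched; neither the directory nor the mode is visible in this hunk, so both should be checked where the path is created. At minimum I would quote the path and drop group/other write access, e.g. `f.write(f"chown root:root {shlex.quote(commands_script_path)}\n")` followed by `f.write(f"chmod go-w {shlex.quote(commands_script_path)}\n")` (this needs `import shlex`). The comment `# prevent privilege escalation` should also name the later root-run step that reads this file, so the reason for the ownership change is clear. The body of get_setup_commands starts and ends outside the hunk.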