From 65efea4d3a28c866f42d09b73e17afdf56b44f2e Mon Sep 17 00:00:00 2001
From: P. J. McDermott <pj@pehjota.net>
Date: Mon, 07 Dec 2015 17:54:51 -0500
Subject: cmd_*_main(): Load /etc/os-release in a subshell

Limit the effects of this sort of arbitrary code execution, or at least
avoid cluttering the namespace.
---
(limited to 'src/cmd/build.sh')

diff --git a/src/cmd/build.sh b/src/cmd/build.sh
index 8d12691..1d2f232 100644
--- a/src/cmd/build.sh
+++ b/src/cmd/build.sh
@@ -70,8 +70,7 @@ cmd_build_main()
 		cmd_build_pkg_dir="${arg}"
 	done
 
-	. "${root}/etc/os-release"
-	profile_set "${ID}"
+	profile_set "$(. "${root}/etc/os-release" && printf '%s' "${ID}")"
 
 	if ! [ -d "${cmd_build_pkg_dir}" ]; then
 		error 2 "$(get_msg 'cmd_build_not_a_dir')" \
--
cgit v0.9.1