From 65efea4d3a28c866f42d09b73e17afdf56b44f2e Mon Sep 17 00:00:00 2001 From: P. J. McDermott Date: Mon, 07 Dec 2015 17:54:51 -0500 Subject: cmd_*_main(): Load /etc/os-release in a subshell Limit the effects of this sort of arbitrary code execution, or at least avoid cluttering the namespace. --- (limited to 'src/cmd') diff --git a/src/cmd/build.sh b/src/cmd/build.sh index 8d12691..1d2f232 100644 --- a/src/cmd/build.sh +++ b/src/cmd/build.sh @@ -70,8 +70,7 @@ cmd_build_main() cmd_build_pkg_dir="${arg}" done - . "${root}/etc/os-release" - profile_set "${ID}" + profile_set "$(. "${root}/etc/os-release" && printf '%s' "${ID}")" if ! [ -d "${cmd_build_pkg_dir}" ]; then error 2 "$(get_msg 'cmd_build_not_a_dir')" \ diff --git a/src/cmd/opkg.sh b/src/cmd/opkg.sh index e1fc8ce..44a22bd 100644 --- a/src/cmd/opkg.sh +++ b/src/cmd/opkg.sh @@ -78,8 +78,7 @@ cmd_opkg_main() fi done - . "${root}/etc/os-release" - profile_set "${ID}" + profile_set "$(. "${root}/etc/os-release" && printf '%s' "${ID}")" session_begin "${root}" . cmd_opkg_fini false diff --git a/src/cmd/shell.sh b/src/cmd/shell.sh index 468da0f..f6eb3d3 100644 --- a/src/cmd/shell.sh +++ b/src/cmd/shell.sh @@ -37,8 +37,7 @@ cmd_shell_main() root="$(block_mount "${dev}")" fi - . "${root}/etc/os-release" - profile_set "${ID}" + profile_set "$(. "${root}/etc/os-release" && printf '%s' "${ID}")" session_begin "${root}" . : false if [ ${#} -eq 0 ]; then -- cgit v0.9.1