commit: 81dc05871392f5acbf5fadb5bb1991c737e42a5f
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 5 17:59:33 2023 +0000
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Mon Jun 5 17:59:33 2023 +0000
URL: https://gitweb.gentoo.org/proj/eselect.git/commit/?id=81dc0587
Sanitise PATH
* bin/eselect.in (PATH): Sanitise, remove Portage's internal
ebuild-helpers dir from it.
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
ChangeLog | 3 +++
bin/eselect.in | 13 ++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 701fb9c..fe99690 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
2023-06-05 Ulrich Müller <u...@gentoo.org>
+ * bin/eselect.in (PATH): Sanitise, remove Portage's internal
+ ebuild-helpers dir from it.
+
* bin/eselect.in (EPREFIX): Quote argument of ":" command.
This avoids globbing, see: https://www.shellcheck.net/wiki/SC2223
Add some more quotes throughout.
diff --git a/bin/eselect.in b/bin/eselect.in
index c59a09d..483a572 100755
--- a/bin/eselect.in
+++ b/bin/eselect.in
@@ -53,13 +53,24 @@ EROOT="${ROOT%${EPREFIX:+/}}${EPREFIX}"
"unalias" -a
unset -f rm
unset CDPATH GLOBIGNORE
-IFS=$' \t\n'
shopt -s extglob
shopt -s expand_aliases
umask +rx
+# Sanitise PATH: We don't want to execute Portage's internal helpers
+# if we're called from an ebuild.
+IFS=:
+read -r -d '' -a path <<<"${PATH}"
+for i in "${!path[@]}"; do
+ [[ ${path[i]} == */portage?(/*)/ebuild-helpers?(/*) ]] && unset
"path[i]"
+done
+PATH="${path[*]}"
+unset i path
+
+IFS=$' \t\n'
+
# Save stderr file descriptor
if (( BASH_VERSINFO[0] == 4 && BASH_VERSINFO[1] >= 1 || BASH_VERSINFO[0] > 4 ))
then
