commit f427df4ed4b2ec540d496abc4afa984b2dd677b4
Author: William Cohen <wcohen@redhat.com>
Date:   Thu Jun 2 09:44:38 2011 -0400

    Avoid blindly source $SETUP_FILE with '.' (PR3303383)
    
    There could be arbitrary commands in the $SETUP_FILE. The '.' command
    would blindly execute them. This change limits do_load_setup to only
    assigning values to variables.

diff --git a/utils/opcontrol b/utils/opcontrol
index cdff19f..b981427 100644
--- a/utils/opcontrol
+++ b/utils/opcontrol
@@ -496,12 +496,25 @@ do_load_setup()
 		     || mv "$SEC_SETUP_FILE" "$SETUP_FILE"
 	fi
 
-	if test -f "$SETUP_FILE"; then
-		# load the actual information from file
-		# FIXME this is insecure, arbitrary commands could be added to
-		# $SETUP_FILE and be executed as root
-		. $SETUP_FILE
-	fi
+	if test ! -f "$SETUP_FILE"; then return; fi
+
+	while IFS== read -r arg val; do
+		case "$arg" in
+			# The following catches anything that is not
+			# 0-9, a-z, A-Z, or an '_'
+			*[![:alnum:]_]*)
+				echo "Invalid variable \"$arg\" in $SETUP_FILE."
+				exit 1;;
+		esac
+		case "$val" in
+			# The following catches anything that is not
+			# 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/'
+			*[!-[:alnum:]_:,./]*) 
+				echo "Invalid value \"$val\" for $arg in $SETUP_FILE."
+				exit 1;;
+		esac
+		eval "${arg}=${val}"
+	done < $SETUP_FILE
 }