ebuild.sh: Completely ban external commands in global scope

Set PATH to /dev/null when sourcing the ebuild for dependency resolution in order to prevent shell from finding external commands via PATH lookup. While this does not prevent executing programs via full path, it should catch the majority of accidental uses. Closes: https://github.com/gentoo/portage/pull/199 Reviewed-by: Zac Medico <zmedico@gentoo.org>
author: Michał Górny <mgorny@gentoo.org> 2017-08-31 22:29:50 +0200
committer: Michał Górny <mgorny@gentoo.org> 2017-09-11 22:32:46 +0200
commit: fb2459330cf226ee34d3875a1143531bd109aaf2 (patch)
tree: 5d8c479a30784631eaa632d25897ce1c445284e6 /bin/isolated-functions.sh
parent: repoman: Update --bug/--closes description for bugs.g.o hooks (diff)
download: portage-fb2459330cf226ee34d3875a1143531bd109aaf2.tar.gz
portage-fb2459330cf226ee34d3875a1143531bd109aaf2.tar.bz2
portage-fb2459330cf226ee34d3875a1143531bd109aaf2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
index e320f7132..b28e44f18 100644
--- a/bin/isolated-functions.sh
+++ b/bin/isolated-functions.sh
@@ -121,6 +121,10 @@ __helpers_die() {
 }
 
 die() {
+	# restore PATH since die calls basename & sed
+	# TODO: make it pure bash
+	[[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
+
 	set +x # tracing only produces useless noise here
 	local IFS=$' \t\n'
author	Michał Górny <mgorny@gentoo.org>	2017-08-31 22:29:50 +0200
committer	Michał Górny <mgorny@gentoo.org>	2017-09-11 22:32:46 +0200
commit	fb2459330cf226ee34d3875a1143531bd109aaf2 (patch)
tree	5d8c479a30784631eaa632d25897ce1c445284e6 /bin/isolated-functions.sh
parent	repoman: Update --bug/--closes description for bugs.g.o hooks (diff)
download	portage-fb2459330cf226ee34d3875a1143531bd109aaf2.tar.gz portage-fb2459330cf226ee34d3875a1143531bd109aaf2.tar.bz2 portage-fb2459330cf226ee34d3875a1143531bd109aaf2.zip