Set PATH to /dev/null when sourcing the ebuild for dependency resolution,
to prevent the shell from finding external commands via PATH lookup.
This does not prevent executing programs via a full path, but it should
catch the majority of accidental uses.

Closes: https://github.com/gentoo/portage/pull/199

// Note: this can't be merged right now since we still have ebuilds
// calling external commands; see:
// https://bugs.gentoo.org/show_bug.cgi?id=629222
---
 bin/ebuild.sh             | 6 +++++-
 bin/isolated-functions.sh | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index c23561651..94a44d534 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -80,8 +80,12 @@ else
        done
        unset funcs x
 
+       # prevent the shell from finding external executables
+       # note: we can't use empty because it implies current directory
+       _PORTAGE_ORIG_PATH=${PATH}
+       export PATH=/dev/null
        command_not_found_handle() {
-               die "Command not found while sourcing ebuild: ${*}"
+               die "External commands disallowed while sourcing ebuild: ${*}"
        }
 fi
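Review bot: The comment above `export PATH=/dev/null` should record the limit the commit message already states. This only catches accidental external calls: a full path still executes, and the sourced ebuild can reassign PATH or read `_PORTAGE_ORIG_PATH`, which stays a writable global in its scope. I would add `# not an isolation boundary: full paths and PATH reassignment still work` so nobody later treats it as sandboxing. Nothing visible in the hunk restores PATH once sourcing finishes. Whether later code in this phase needs external commands cannot be judged from here, because the enclosing `else` branch starts outside the hunk.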
 
diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
index e320f7132..b28e44f18 100644
--- a/bin/isolated-functions.sh
+++ b/bin/isolated-functions.sh
@@ -121,6 +121,10 @@ __helpers_die() {
 }
 
 die() {
+       # restore PATH since die calls basename & sed
+       # TODO: make it pure bash
+       [[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
+
        set +x # tracing only produces useless noise here
        local IFS=$' \t\n'
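Review bot: `die()` overwrites PATH from `_PORTAGE_ORIG_PATH` whenever that variable is non-empty, not only when the depend-phase override is active. isolated-functions.sh is presumably sourced in contexts where ebuild.sh never set the variable, so a stale or environment-inherited value would replace a valid PATH just before `basename` and `sed` are resolved. Restricting the restore to the state this patch creates avoids that: `[[ ${PATH} == /dev/null && -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}`. The rest of die() lies outside the hunk.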
 
-- 
2.14.1

