From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" <mgorny@gentoo.org>
Message-ID: <1505161966.fb2459330cf226ee34d3875a1143531bd109aaf2.mgorny@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/
X-VCS-Repository: proj/portage
X-VCS-Files: bin/ebuild.sh bin/isolated-functions.sh
X-VCS-Directories: bin/
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: fb2459330cf226ee34d3875a1143531bd109aaf2
X-VCS-Branch: master
Date: Mon, 11 Sep 2017 20:32:57 +0000 (UTC)

commit:     fb2459330cf226ee34d3875a1143531bd109aaf2
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 31 20:29:50 2017 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Mon Sep 11 20:32:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=fb245933

ebuild.sh: Completely ban external commands in global scope

Set PATH to /dev/null when sourcing the ebuild for dependency resolution
in order to prevent shell from finding external commands via PATH
lookup. While this does not prevent executing programs via full path, it
should catch the majority of accidental uses.

Closes: https://github.com/gentoo/portage/pull/199
Reviewed-by: Zac Medico <zmedico <AT> gentoo.org>

 bin/ebuild.sh             | 6 +++++-
 bin/isolated-functions.sh | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index c23561651..94a44d534 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -80,8 +80,12 @@ else
 	done
 	unset funcs x
 
+	# prevent the shell from finding external executables
+	# note: we can't use empty because it implies current directory
+	_PORTAGE_ORIG_PATH=${PATH}
+	export PATH=/dev/null
 	command_not_found_handle() {
-		die "Command not found while sourcing ebuild: ${*}"
+		die "External commands disallowed while sourcing ebuild: ${*}"
 	}
 fi
 

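Review bot: _PORTAGE_ORIG_PATH is saved just above command_not_found_handle(), but nothing in this hunk restores PATH or unsets the variable once the ebuild has been sourced; the only restore in the patch is the one in die(). Please extend the comment to say that this branch is reached only when sourcing for dependency resolution (as the commit message states), so readers do not go looking for a matching restore. Also note that command_not_found_handle() fires only when bash fails to find a command it was asked to run, so lookups such as "type -P foo" or "command -v foo" in global scope will now return empty without calling die; if those should be caught as well, that needs a separate check. The saved variable is also a plain, writable global, which is consistent with the stated goal of catching accidental uses rather than deliberate ones, and that limit could be mentioned next to the note about the empty PATH.
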
diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
index e320f7132..b28e44f18 100644
--- a/bin/isolated-functions.sh
+++ b/bin/isolated-functions.sh
@@ -121,6 +121,10 @@ __helpers_die() {
 }
 
 die() {
+	# restore PATH since die calls basename & sed
+	# TODO: make it pure bash
+	[[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
+
 	set +x # tracing only produces useless noise here
 	local IFS=$' \t\n'
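
Review bot: the PATH restore at the top of die() is a global assignment, so if die() ever returns to its caller instead of exiting, PATH stays restored and the ban from ebuild.sh is silently lifted for the rest of the sourcing. Since the function already uses local for IFS, consider scoping the restore the same way, for example declaring PATH local when _PORTAGE_ORIG_PATH is non-empty, so the original value is visible only to the basename and sed calls made from die(). The comment could also state that _PORTAGE_ORIG_PATH is set only by ebuild.sh while sourcing in global scope and is intentionally not exported, because isolated-functions.sh gives no other hint where the variable comes from.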