Security: Explicitly define IFS to prevent misuse.

The scripts are written with certain expectations.
This expectation may not be properly met if the `IFS` value is changed.
This can potentially be used to create some sort of exploit.

Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting.

diff --git a/install.sh b/install.sh
index c8972d1ebc6c7a806426bc97ec09f215724c4eae..fb971b524f4dbb66913ed1d71cc6e0775e3c80ed 100755 (executable)
--- a/install.sh
+++ b/install.sh
@@ -14,6 +14,7 @@
 #
 
 install_main() {
 #
 
 install_main() {

+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.

 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh


@@ -877,4 +878,4 @@ install_cleanup() {
   unset install_cleanup
 }
 
   unset install_cleanup
 }
 

-install_main $*
+install_main ${*}